Microsoft News Articles

Recent news articles referencing the vendor's vulnerabilities.

Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Let Attackers Gain Network Access

Microsoft has disclosed a critical vulnerability, CVE-2025-21415, impacting the Azure AI Face Service, which is classified as an Elevation of Privilege issue,

20 hours ago

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face Service and Microsoft Accou

23 hours ago

PoC Exploit Released for Active Directory Domain Services Privilege Escalation Vulnerability

A proof-of-concept (PoC) exploit code has been released for CVE-2025-21293, a critical Active Directory Domain Services Elevation of Privilege vulnerability.

1 day ago

Windows CLFS Buffer Overflow Vulnerability CVE-2024-49138 - PoC Released

A recently disclosed Windows kernel-level vulnerability, identified as CVE-2024-49138, has raised significant security concerns in the cybersecurity community.

1 week ago

Microsoft Windows BitLocker Vulnerability Exposes Passwords—Act Now

Security experts have warned Windows BitLocker vulnerability could expose sensitive data in RAM, including passwords—what you need to do.

1 week ago

Zero-Click Outlook RCE Vulnerability (CVE-2025-21298), PoC Released

Microsoft issued a critical patch to address CVE-2025-21298, a zero-click Remote Code Execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE).

2 weeks ago

PoC Exploit Released For Critical Microsoft Outlook (CVE-2025-21298) Zero-Click RCE Vulnerability

A new proof-of-concept (PoC) has been released for Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298.

2 weeks ago

Windows BitLocker Vulnerability (CVE-2025-21210) Exploited in Randomization Attack

BitLocker, a widely used full-disk encryption tool in Microsoft Windows, relies on AES-XTS for encrypting storage devices. 

2 weeks ago

How to Address CVE-2025-21307 Without a Patch Before the Weekend | Qualys Security Blog

Microsoft’s January 2025 Patch Tuesday release addresses a critical vulnerability—CVE-2025-21307—in the Windows Reliable Multicast Transport Driver (RMCAST).

3 weeks ago

Critical Microsoft Outlook Vulnerability Rated 9.8/10 Confirmed—Update Now

A critical-rated Outlook vulnerability has been confirmed by Microsoft which has warned that exploitation is likely—here’s what you need to know and do.

3 weeks ago

Microsoft Patches Outlook Zero-Click RCE Exploited Via Email - Patch Now!

Microsoft issued a critical security patch addressing a newly discovered vulnerability in Outlook, designated as CVE-2025-21298.

3 weeks ago

Windows Line Printer Daemon (LPD) Vulnerability Exposes Systems to Remote Code Execution

Microsoft has disclosed a significant security vulnerability in its Windows Line Printer Daemon (LPD) service, tracked as CVE-2025-21224. This flaw could allow attackers to execute remote code on affected systems, posing a serious risk to organizations relying on the LPD service for network printing...

3 weeks ago

Microsoft fixes 159 vulnerabilities in first Patch Tuesday of 2025

Microsoft has addressed a total of 159 vulnerabilities in the first Patch Tuesday of 2025, covering a broad spectrum of products.

3 weeks ago

Fake PoC Exploit Targets Cybersecurity Researchers with Malware

The attackers have set up a malicious repository containing the fake PoC, leading to the exfiltration of sensitive computer and network information.

4 weeks ago

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Phishing exploits CrowdStrike branding to deliver XMRig cryptominer via fake CRM app, evading detection.

4 weeks ago

Weaponized LDAP PoC Exploit Installing Information-Stealing Malware

Security researchers are tricked into downloading and executing information-stealing malware by a fake proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed LDAPNightmare.

4 weeks ago

Patch Alert: Remotely Exploitable LDAP Flaws in Windows

Security experts are urging all organizations that use Microsoft Windows to ensure they install patches, released last month, to fix Lightweight Directory Access

4 weeks ago

Security pros baited by fake Windows LDAP exploits

Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitimate...

4 weeks ago

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.

1 month ago

PoC Exploit Released for Windows Registry Privilege Elevation Vulnerability

A proof-of-concept (PoC) exploit for a critical Windows Registry Elevation of Privilege vulnerability, identified as CVE-2024-43641.

1 month ago

TheCyberThrone Security Weekly Review – January 04, 2025

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025. CVE-2024-56512 impacts Apache NiFi CVE-2024-56512 is a security vulnerability identified in Apache NiFi, specifically affec...

1 month ago

What We Know About CVE-2024-49112 and CVE-2024-49113

In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with...

1 month ago

Hacking Active Directory: Learn How LDAPNightmare Flaw Shuts Down AD Services

1 month ago

CVE-2024-49113: PoC Exploit Code Released

The CVE-2024-49113 vulnerability is a significant Denial of Service (DoS) issue found in the Windows Lightweight Directory Access Protocol (LDAP). SafeBreach Labs developed the exploit code, which has now been released publicly. This vulnerability, if exploited, can lead to the crashing and rebootin...

1 month ago

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Experts warn of a new PoC exploit, LDAPNightmare, that targets a Windows LDAP flaw (CVE-2024-49113), causing crashes & reboots.

1 month ago

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

LDAPNightmare PoC exploit crashes Windows Servers via CVE-2024-49113. Patch or monitor CLDAP responses to prevent DoS.

1 month ago

Critical Windows LDAP flaw could lead to crashed servers, RCE attacks

LDAPNightmare: If December Patch Tuesday server updates have not yet been installed, it’s time to do so to avoid DoS or RCE attacks on Active Directory domain controllers as shown by PoC exploit.

1 month ago

Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability

Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.

1 month ago

Active Directory Flaw Can Crash Any Microsoft Server

Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.

1 month ago

PoC Exploit Tool Released for Critical Windows LDAP Zero-click RCE Vulnerability

Researchers unveiled a proof-of-concept (PoC) exploit for a critical vulnerability in Windows Lightweight Directory Access Protocol (LDAP), tracked as CVE-2024-49112.

1 month ago

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations

The Iranian state-sponsored hacking group OilRig, also known as APT34, has intensified its cyber espionage activities, targeting critical infrastructure and government entities in the United Arab Emirates and the broader Gulf region.

1 month ago

Windows 11 Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level.

2 months ago

CISA Issues Alert on Critical Windows Kernel Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Windows kernel vulnerability to its Known Exploited Vulnerabilities (KEV)

2 months ago

New Microsoft Windows Security Deadline—Why You Must Update Before Jan. 6

America’s Cyber Defense Agency, CISA, has warned a Microsoft Windows kernel vulnerability is now being exploited in the wild —here’s what you need to know and do.

2 months ago

Critical Windows kernel vulnerability easily escalates system privileges

Windows vulnerability exposed: hackers take advantage of CVE-2024-35250 to gain system privileges.

2 months ago

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

2 months ago

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

CISA adds Adobe ColdFusion and Microsoft Windows flaws to exploited list; FBI warns of HiatusRAT targeting IoT devices.

2 months ago

CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities

CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. 

2 months ago

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability.

2 months ago

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On

2 months ago

New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now

As a zero-day security vulnerability posing significant risk to users is confirmed as under active exploitation—the DHS and Microsoft have urged millions to update now.

2 months ago

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common…

2 months ago

New Windows 0Day Attack Confirmed—Homeland Security Says Update Now

As a zero-day security vulnerability posing significant risk to users is confirmed as under active exploitation—the DHS has urged all organizations to update now.

2 months ago

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft closes 2024 Patch Tuesday with 72 fixes, including an exploited flaw and NTLM updates.

2 months ago

Microsoft fixes exploited zero-day (CVE-2024-49138) - Help Net Security

For December 2024 Patch Tuesday, Microsoft has fixed a zero-day (CVE-2024-49138) that's been exploited by attackers in the wild.

2 months ago

Windows Common Log File System Zero-day (CVE-2024-49138) Exploited in the Wild

A new high-severity security vulnerability, CVE-2024-49138, has been identified in the Windows Common Log File System (CLFS) Driver as a zero-day that was exploited in the wild.

2 months ago

Dangerous CLFS and LDAP flaws stand out on Patch Tuesday | Computer...

Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol.

2 months ago

Microsoft NTLM Zero-Day to Remain Unpatched Until April

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

2 months ago