Microsoft News Articles
Recent news articles refferecing the vendors vulnerabilities.
Microsoft confirms IE zero-day exploited in sneaky update
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...
2 days ago
Microsoft confirms IE zero-day exploited in sneaky update
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...
2 days ago
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) - Help Net Security
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML, "was exploited as a part of an attack chain relating to CVE-2024-38112."
3 days ago
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
4 days ago
September 2024 Patch Tuesday: Essential Zero-Day Fixes
Microsoft’s September 2024 Patch Tuesday includes crucial updates for four zero-day vulnerabilities and other updates for product enhancements.
1 week ago
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused…
1 week ago
Four zero-days fixed for September Patch Tuesday | TechTarget
September Patch Tuesday resolves four zero-days with the most pressing one affecting the Windows Update feature.
1 week ago
Microsoft fixes Windows Smart App Control zero-day exploited since 2018
Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018.
1 week ago
September 2024 Patch Tuesday forecast: Downgrade is the new exploit - Help Net Security
Todd Schell from Ivanti gives his overview of August and forecast for September 2024 Patch Tuesday. Are you ready to get patching?
2 weeks ago
Critical remote code execution vulnerability discovered in Microsoft Windows Wi-Fi drivers
The CVSS score for CVE-2024-30078 is 8.8, indicating a high severity level. Once a system is compromised, attackers can move laterally within the…
2 weeks ago
Malware report for Q2 2024 — a quarterly review
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
2 weeks ago
PoCcode released for zero-click Windows critical vuln
Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks...
3 weeks ago
PoCcode released for zero-click Windows critical vuln
Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks...
3 weeks ago
Windows Downdate tool lets you 'unpatch' Windows systems
SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems.
3 weeks ago
Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
A server-side request forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.
1 month ago
Outlook Zero-click RCE Vulnerability Technical Details Released
The attack involves passing a composite moniker in an image tag URL. This bypasses the security measures implemented in the hyperlink creation function, leading to potential remote code execution and local NTLM credential leaks.
1 month ago
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) - Help Net Security
CVE-2024-38193 has been leveraged by North Korean hackers to install a rootkit on targets' computers, researchers have revealed.
1 month ago
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.
1 month ago
Vulnerability Recap 8/19/24: Microsoft, Ivanti, SolarWinds
Microsoft appears on our list multiple times this week, with notable Patch Tuesday CVEs and an Entra ID vulnerability that affects hybrid clouds.
1 month ago
MicrosoftはBitLockerセキュリティパッチを無効にし、手動で軽減するようアドバイス
Microsoft は、パッチを適用した Windows デバイスが BitLocker 回復モード…
1 month ago
Lazarus Hacker Group Exploited Microsoft Windows Zero-day
Microsoft Windows Zero-day vulnerability, cataloged as CVE-2024-38193, was discovered by researchers in early June 2024.
1 month ago
Technical Analysis: CVE-2024-38021
In this blog Morphisec researchers provide technical analysis of CVE-2024-38021, a vulnerability impacting Microsoft Outlook.
1 month ago
Microsoft Patched A Zero-Click TCP/IP RCE Flaw
The zero-click TCP/IP Flaw affects Microsoft Windows systems with IPv6 enabled, leaving the ones with disabled IPv6 unaffected.
1 month ago
Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group.
1 month ago
Archives des Astuces & Tutos - Krusell France
Skip to content 19 août 2024 Krusell FranceTa dose d'actu digital ! 🔥 Actu📱Smartphone💻 Informatique🕹️ Gaming🤖 IA🛠️ Astuces & Tutos Rechercher : HomeAstuces...
1 month ago
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
Microsoft marks CVE-2024-38193 as ‘actively exploited’ and warns that it allows SYSTEM privileges on the latest Windows operating systems.
1 month ago
Microsoft corrige múltiples vulnerabilidades en su Patch Tuesday de mayo 2024 – Telconet CSIRT
Microsoft realiza actualizaciones de seguridad con su Patch Tuesday de mayo del 2024 en el que se aborda un total de 61 fallos de seguridad, que incluyen tres vulnerabilidades Zero Day. En esta edición, se...
1 month ago
Copy2pwn Bypasses Windows Mark Of The Web Security Feature
Researchers uncovered a copy2pwn vulnerability, CVE-2024-38213, that allows threat actors to bypass Windows' Mark-of-the-Web (MotW) protections.
1 month ago
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to
1 month ago
Should organisations disable IPv6 to protect against "scary" wormable TCP/IP RCE?
CVE-2024-38063 lets unauthenticated attackers carry out remote code execution by "repeatedly sending IPv6 packets".
1 month ago
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
Microsoft rated the issue 9.8/10 in severity and stressed that exploits may be trivial to craft, requiring no privileges or user interaction.
1 month ago
CVE-2024-38063 - Mitigation Script by Disabling IPV6 on All Interfaces
CVE-2024-38063 - Mitigation Script by Disabling IPV6 on All Interfaces
1 month ago
LPE FTW – PSW #839
This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new ...
1 month ago
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.
1 month ago
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled.
1 month ago
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled.
1 month ago
New Windows Cyber Attacks Confirmed—CISA Says Update By September 3
The U.S. Cybersecurity Agency has warned that Windows users must update systems before September 3 as multiple new zero-day attacks are confirmed by Microsoft.
1 month ago
Six 0-Days Lead Microsoft’s August 2024 Patch Push
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.
1 month ago
Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations.
1 month ago
Microsoft patches CVE-2024-38063 IPv6 RCE vulnerability
Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from...
1 month ago
Microsoft patches CVE-2024-38063 IPv6 RCE vulnerability
Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from...
1 month ago
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday.
1 month ago
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update
Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.
1 month ago
CVE-2024-38173: Outlook Form Injection RCE Vulnerability Patched
Morphisec researchers have discovered two critical Microsoft Office vulnerabilities. This blog provides background, patch and risk of exploitation details.
1 month ago
Microsoft Issues Warning For MS Office Users: Critical Security Vulnerability Spotted, Update To Be Rolled Out Today
The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale.
1 month ago
New Windows 10 And 11 Blue Screen Of Death Warning Issued
Just as Windows users have recovered from the July CrowdStrike update failure, a new blue screen of death threat has been revealed. Here’s what is known so far.
1 month ago
Windows 11/10 system driver has BSOD-triggering CVE-2024-6768 flaw on fully updated PCs
Security researchers have discovered a vulnerability in a Windows system driver that can be abused to trigger a blue screen of death (BSOD), even on fully updated Windows 11 and 10 systems.
1 month ago
CLFS Bug Crashes Even Updated Windows 10, 11 Systems
A quick and easy exploit for crashing Windows computers has no fix yet nor really any way to mitigate its effects.
1 month ago
Technical Analysis: CVE-2024-30103
In this blog Morphisec researchers provide technical analysis of CVE-2024-30103, a remote code execution vulnerability impacting Microsoft Outlook.
1 month ago