Microsoft News Articles
Recent news articles refferecing the vendors vulnerabilities.
CVE-2024-43461CVE-2024-38112Microsoft confirms IE zero-day exploited in sneaky update
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...
2 days ago
The Register CVE-2024-43461CVE-2024-38112Microsoft confirms IE zero-day exploited in sneaky update
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...
2 days ago
Help Net Security CVE-2024-43461Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) - Help Net Security
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML, "was exploited as a part of an attack chain relating to CVE-2024-38112."
3 days ago
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
4 days ago
The Cyber Express CVE-2024-38217CVE-2024-38014September 2024 Patch Tuesday: Essential Zero-Day Fixes
Microsoft’s September 2024 Patch Tuesday includes crucial updates for four zero-day vulnerabilities and other updates for product enhancements.
1 week ago
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused…
1 week ago
Four zero-days fixed for September Patch Tuesday | TechTarget
September Patch Tuesday resolves four zero-days with the most pressing one affecting the Windows Update feature.
1 week ago
Microsoft fixes Windows Smart App Control zero-day exploited since 2018
Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018.
1 week ago
Help Net Security CVE-2024-21302September 2024 Patch Tuesday forecast: Downgrade is the new exploit - Help Net Security
Todd Schell from Ivanti gives his overview of August and forecast for September 2024 Patch Tuesday. Are you ready to get patching?
2 weeks ago
inkl CVE-2024-30078Critical remote code execution vulnerability discovered in Microsoft Windows Wi-Fi drivers
The CVSS score for CVE-2024-30078 is 8.8, indicating a high severity level. Once a system is compromised, attackers can move laterally within the…
2 weeks ago
@Securelist CVE-2023-36033CVE-2024-30051Malware report for Q2 2024 — a quarterly review
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
2 weeks ago
The Register CVE-2024-38063PoCcode released for zero-click Windows critical vuln
Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks...
3 weeks ago
CVE-2024-38063PoCcode released for zero-click Windows critical vuln
Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks...
3 weeks ago
Windows Downdate tool lets you 'unpatch' Windows systems
SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems.
3 weeks ago
Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
A server-side request forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.
1 month ago
CybersecurityNews CVE-2024-38021Outlook Zero-click RCE Vulnerability Technical Details Released
The attack involves passing a composite moniker in an image tag URL. This bypasses the security measures implemented in the hyperlink creation function, leading to potential remote code execution and local NTLM credential leaks.
1 month ago
Help Net Security CVE-2024-381930-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) - Help Net Security
CVE-2024-38193 has been leveraged by North Korean hackers to install a rootkit on targets' computers, researchers have revealed.
1 month ago
Ars Technica CVE-2024-38193Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses.
1 month ago
eSecurity Planet CVE-2024-38202CVE-2024-7593Vulnerability Recap 8/19/24: Microsoft, Ivanti, SolarWinds
Microsoft appears on our list multiple times this week, with notable Patch Tuesday CVEs and an Entra ID vulnerability that affects hybrid clouds.
1 month ago
www.hfrance.fr CVE-2024-38058MicrosoftはBitLockerセキュリティパッチを無効にし、手動で軽減するようアドバイス
Microsoft は、パッチを適用した Windows デバイスが BitLocker 回復モード…
1 month ago
GBHackers on Security CVE-2024-38193Lazarus Hacker Group Exploited Microsoft Windows Zero-day
Microsoft Windows Zero-day vulnerability, cataloged as CVE-2024-38193, was discovered by researchers in early June 2024.
1 month ago
Morphisec CVE-2024-38021Technical Analysis: CVE-2024-38021
In this blog Morphisec researchers provide technical analysis of CVE-2024-38021, a vulnerability impacting Microsoft Outlook.
1 month ago
Latest Hacking News - Exploits, Vulnerabilities, Tech and Tutorials CVE-2024-38063Microsoft Patched A Zero-Click TCP/IP RCE Flaw
The zero-click TCP/IP Flaw affects Microsoft Windows systems with IPv6 enabled, leaving the ones with disabled IPv6 unaffected.
1 month ago
Security Affairs CVE-2024-38193Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group.
1 month ago
Krusell France CVE-2024-38058Archives des Astuces & Tutos - Krusell France
Skip to content 19 août 2024 Krusell FranceTa dose d'actu digital ! 🔥 Actu📱Smartphone💻 Informatique🕹️ Gaming🤖 IA🛠️ Astuces & Tutos Rechercher : HomeAstuces...
1 month ago
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
Microsoft marks CVE-2024-38193 as ‘actively exploited’ and warns that it allows SYSTEM privileges on the latest Windows operating systems.
1 month ago
Telconet CSIRT CVE-2024-30040CVE-2024-30051Microsoft corrige múltiples vulnerabilidades en su Patch Tuesday de mayo 2024 – Telconet CSIRT
Microsoft realiza actualizaciones de seguridad con su Patch Tuesday de mayo del 2024 en el que se aborda un total de 61 fallos de seguridad, que incluyen tres vulnerabilidades Zero Day. En esta edición, se...
1 month ago
The Cyber Express CVE-2024-38213Copy2pwn Bypasses Windows Mark Of The Web Security Feature
Researchers uncovered a copy2pwn vulnerability, CVE-2024-38213, that allows threat actors to bypass Windows' Mark-of-the-Web (MotW) protections.
1 month ago
Help Net Security CVE-2024-38200CVE-2024-28986Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to
1 month ago
The Stack CVE-2024-38063Should organisations disable IPv6 to protect against "scary" wormable TCP/IP RCE?
CVE-2024-38063 lets unauthenticated attackers carry out remote code execution by "repeatedly sending IPv6 packets".
1 month ago
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
Microsoft rated the issue 9.8/10 in severity and stressed that exploits may be trivial to craft, requiring no privileges or user interaction.
1 month ago
darkwebinformer.com CVE-2024-38063CVE-2024-38063 - Mitigation Script by Disabling IPV6 on All Interfaces
CVE-2024-38063 - Mitigation Script by Disabling IPV6 on All Interfaces
1 month ago
LPE FTW – PSW #839
This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new ...
1 month ago
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.
1 month ago
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled.
1 month ago
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled.
1 month ago
Forbes CVE-2024-38178CVE-2024-38213New Windows Cyber Attacks Confirmed—CISA Says Update By September 3
The U.S. Cybersecurity Agency has warned that Windows users must update systems before September 3 as multiple new zero-day attacks are confirmed by Microsoft.
1 month ago
Six 0-Days Lead Microsoft’s August 2024 Patch Push
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.
1 month ago
CybersecurityNews CVE-2024-38063Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems
Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations.
1 month ago
CVE-2024-38063Microsoft patches CVE-2024-38063 IPv6 RCE vulnerability
Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from...
1 month ago
The Register CVE-2024-38063Microsoft patches CVE-2024-38063 IPv6 RCE vulnerability
Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from...
1 month ago
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday.
1 month ago
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update
Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.
1 month ago
Morphisec CVE-2024-38173CVE-2024-38173: Outlook Form Injection RCE Vulnerability Patched
Morphisec researchers have discovered two critical Microsoft Office vulnerabilities. This blog provides background, patch and risk of exploitation details.
1 month ago
ABP Live CVE-2024-38200Microsoft Issues Warning For MS Office Users: Critical Security Vulnerability Spotted, Update To Be Rolled Out Today
The vulnerability, designated as CVE-2024-38200, has been assigned a severity rating of 7.5 on the Common Vulnerability Scoring System (CVSS) scale.
1 month ago
Forbes CVE-2024-6768New Windows 10 And 11 Blue Screen Of Death Warning Issued
Just as Windows users have recovered from the July CrowdStrike update failure, a new blue screen of death threat has been revealed. Here’s what is known so far.
1 month ago
Neowin CVE-2024-6768Windows 11/10 system driver has BSOD-triggering CVE-2024-6768 flaw on fully updated PCs
Security researchers have discovered a vulnerability in a Windows system driver that can be abused to trigger a blue screen of death (BSOD), even on fully updated Windows 11 and 10 systems.
1 month ago
CLFS Bug Crashes Even Updated Windows 10, 11 Systems
A quick and easy exploit for crashing Windows computers has no fix yet nor really any way to mitigate its effects.
1 month ago
Morphisec CVE-2024-30103Technical Analysis: CVE-2024-30103
In this blog Morphisec researchers provide technical analysis of CVE-2024-30103, a remote code execution vulnerability impacting Microsoft Outlook.
1 month ago