Microsoft News Articles

Recent news articles referencing the vendor's vulnerabilities.

PoC Exploit Tool Released for Critical Windows LDAP Zero-click RCE Vulnerability

Researchers unveiled a proof-of-concept (PoC) exploit for a critical vulnerability in Windows Lightweight Directory Access Protocol (LDAP), tracked as CVE-2024-49112.

6 hours ago

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations

The Iranian state-sponsored hacking group OilRig, also known as APT34, has intensified its cyber espionage activities, targeting critical infrastructure and government entities in the United Arab Emirates and the broader Gulf region.

1 week ago

Windows 11 Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level.

2 weeks ago

CISA Issues Alert on Critical Windows Kernel Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Windows kernel vulnerability to its Known Exploited Vulnerabilities (KEV)

2 weeks ago

New Microsoft Windows Security Deadline—Why You Must Update Before Jan. 6

America’s Cyber Defense Agency, CISA, has warned a Microsoft Windows kernel vulnerability is now being exploited in the wild—here’s what you need to know and do.

2 weeks ago

Critical Windows kernel vulnerability easily escalates system privileges

Windows vulnerability exposed: hackers take advantage of CVE-2024-35250 to gain system privileges.

2 weeks ago

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog.

2 weeks ago

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

CISA adds Adobe ColdFusion and Microsoft Windows flaws to exploited list; FBI warns of HiatusRAT targeting IoT devices.

2 weeks ago

CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities

CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. 

2 weeks ago

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability.

2 weeks ago

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On

3 weeks ago

New Windows 0Day Attack Strikes—Microsoft Warns Millions To Update Now

As a zero-day security vulnerability posing significant risk to users is confirmed as under active exploitation—the DHS and Microsoft have urged millions to update now.

3 weeks ago

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common…

3 weeks ago

New Windows 0Day Attack Confirmed—Homeland Security Says Update Now

As a zero-day security vulnerability posing significant risk to users is confirmed as under active exploitation—the DHS has urged all organizations to update now.

3 weeks ago

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft closes 2024 Patch Tuesday with 72 fixes, including an exploited flaw and NTLM updates.

3 weeks ago

Microsoft fixes exploited zero-day (CVE-2024-49138) - Help Net Security

For December 2024 Patch Tuesday, Microsoft has fixed a zero-day (CVE-2024-49138) that's been exploited by attackers in the wild.

3 weeks ago

Windows Common Log File System Zero-day (CVE-2024-49138) Exploited in the Wild

A new high-severity security vulnerability, CVE-2024-49138, has been identified in the Windows Common Log File System (CLFS) Driver as a zero-day that was exploited in the wild.

3 weeks ago

Dangerous CLFS and LDAP flaws stand out on Patch Tuesday | Computer...

Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol.

3 weeks ago

Microsoft NTLM Zero-Day to Remain Unpatched Until April

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

3 weeks ago

Hackers Can Exploit Windows Driver Use-After-Free Vulnerability (CVE-2024-38193) to Gain Systems Privileges

A critical use-after-free vulnerability called CVE-2024-38193 is found in the Windows driver afd.sys. It affects the Registered I/O (RIO) extension.

1 month ago

PoC Exploit Released for Windows Task Scheduler Zero-day Flaw, Exploited in Wild

A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability in the Windows Task Scheduler, identified as CVE-2024-49039.

1 month ago

Microsoft Hacking Warning—450 Million Windows Users Must Now Act

Don’t get caught in this security nightmare—here’s what you must do now.

1 month ago

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

Microsoft patches four critical security flaws, including an exploited privilege escalation vulnerability in Partner Center.

1 month ago

Microsoft addresses critical security vulnerabilities across AI and cloud services - The CFO

Microsoft has unveiled patches for four significant security vulnerabilities affecting its artificial intelligence, cloud infrastructure, and enterprise platforms, with one flaw already being exploited in production environments. The developments raise concerns about potential widespread impacts on ...

1 month ago

Spoofing via CVE-2024-49040

Kaspersky experts have added spoofing detection technology to email protection solutions that can stop exploitation of the CVE-2024-49040 vulnerability.

1 month ago

RomCom Exploits Firefox & Windows Zero-Day Vulnerabilities

RomCom exploits Firefox and Windows vulnerabilities, chaining vulnerabilities to install backdoors without user interaction.

1 month ago

Russian hackers exploit Firefox, Windows zero-days in wild | TechTa...

Russia-aligned threat group RomCom was observed chaining two new Firefox and Windows zero-day vulnerabilities together in the wild.

1 month ago

CVE-2024-43451 allows stealing NTLMv2 hash

Patch Tuesday, November 2024: CVE-2024-43451, used in real attacks, permits stealing an NTLMv2 hash with minimal interaction from the victim.

2 months ago

Patch Tuesday brings a mystery Kerberos vulnerability, more.

November Patch Tuesday: Two exploited Microsoft bugs and a CVSS 9.8 "wormable" Kerberos vulnerability reported. Here's some highlights.

2 months ago

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) - Help Net Security

CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on Tuesday, has been exploited since at least April 2024.

2 months ago

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

Exploit for a Windows zero-day vulnerability (CVE-2024-43451) is executed by deleting files, drag-and-dropping them, or right clicking.

2 months ago

Microsoft patches Windows zero-day exploited in attacks on Ukraine

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities.

2 months ago

Microsoft November 2024 Patch Tuesday Fixes Vulnerabilities

Microsoft November 2024 Patch Tuesday addresses 91 vulnerabilities, including 4 zero-day flaws, critical security issues, and important updates.

2 months ago

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other…

2 months ago

November 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft has released security updates for 158 vulnerabilities, including three zero-days and four critical, for its November 2024 Patch Tuesday rollout.

2 months ago

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) - Help Net Security

Microsoft drops fixes for 89 security issues in its products, two of which - CVE-2024-43451 and CVE-2024-49039 - are exploited by attackers.

2 months ago

Microsoft's November Patch Tuesday Fixes 91 Vulnerabilities, 4 Zero-Days

Microsoft’s November 2024 Patch Tuesday update resolves 91 security flaws, including four zero-day vulnerabilities. Patch your devices ASAP!

2 months ago

Microsoft Exchange adds warning to emails abusing spoofing flaw

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective.

2 months ago

CVE-2024-30078 Remote Code Execution Vulnerability Analysis and Exploitation - CYFIRMA

Published on 2024-08-22. Executive summary: CVE-2024-30078 reveals a severe vulnerability in the Wi-Fi drivers across multiple Microsoft Windows versions, potentially enabling threat actors within...

2 months ago

A new SharePoint vulnerability is already being exploited

Microsoft SharePoint makes it simpler for enterprises to help employees discover documents on their internal network — but a recently exploited vulnerability is making it easier for attackers to get inside the corporate network too.

2 months ago

Microsoft SharePoint RCE bug exploited to breach corporate network

A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.

2 months ago

Microsoft Sharepoint Server CVE-2024-38094 Exploited

Threat actors have exploited a vulnerability in Microsoft SharePoint Server, identified as CVE-2024-38094, allowing them to gain complete domain access and compromise critical systems. The Rapid7 incident response team has detailed how this sophisticated attack combines various techniques to achieve...

2 months ago

New Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials

A new, identical Windows Theme zero-day vulnerability that might allow attackers to obtain NTLM credentials of compromised systems was found while fixing CVE-2024-38030, a medium-severity Windows Themes spoofing issue.

2 months ago

Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

2 months ago

New Windows Themes zero-day gets free, unofficial patches

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely.

2 months ago

Patching problems: The "return" of a Windows Themes spoofing vulnerability - Help Net Security

Despite two patching attempts, a Windows Themes spoofing vulnerability still affects Microsoft's operating system.

2 months ago

Windows 'Downdate' Attack Makes Patched PCs Vulnerable

Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.

2 months ago

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows.

2 months ago

Exploited: Cisco, SharePoint, Chrome vulnerabilities - Help Net Security

Fix these vulnerabilities in Cisco security appliances (CVE-2024-20481), Sharepoint (CVE-2024-38094), and Chrome (CVE-2024-4947).

2 months ago