Zero-days Archives - Page 8 of 14

Microsoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated

Vulnerabilities & Exploits, Zero-days / Frank Crast / September 15, 2021 / CVE-2021-40444, Microsoft, MSHTML, RCE

Microsoft has warned of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444). The tech giant also released workarounds for the threat until a permanent fix is released.

Microsoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated Read More »

Apple security updates for iOS 14.8, macOS Big Sur 11.6 and other products (warns of active exploits in the wild)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / September 14, 2021 / Apple, Big Sur, BigSur116, iOS, iOS148

Apple has released security updates to fix vulnerabilities in iOS 14.8, macOS Big Sur 11.6, Safari 14.1.2, watchOS 7.6.2, and other products. The tech giant also warned of active exploits in the wild against some vulnerabilities.

Apple security updates for iOS 14.8, macOS Big Sur 11.6 and other products (warns of active exploits in the wild) Read More »

Microsoft August 2021 Security Updates includes fixes for 7 Critical RCEs, 3 zero-day vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / August 11, 2021 / CVE-2021-26424, CVE-2021-26432, CVE-2021-34480, CVE-2021-34530, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36942, CVE-2021-36948, Microsoft, Print Spooler, Windows, Windows 10

Microsoft has released the August 2021 Security updates that includes patches for 49 vulnerabilities, 7 of those rated Critical. The updates also include fixes for 3 zero-day bugs exploited in the wild.

Microsoft August 2021 Security Updates includes fixes for 7 Critical RCEs, 3 zero-day vulnerabilities Read More »

Apple fixes watchOS vulnerability (CVE-2021-30807) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / August 4, 2021 / Apple, CVE-2021-30807, watchOS

Apple has fixed a zero-day vulnerability CVE-2021-30807 in Apple watchOS 7.6.1 that is under active attack.

Apple fixes watchOS vulnerability (CVE-2021-30807) exploited in the wild Read More »

Apple fixes zero-day vulnerability (CVE-2021-30807) in macOS Big Sur and iOS

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 27, 2021 / Apple, Big Sur, BigSur115, CVE-2021-30807, iOS, iOS147, macOS

Apple has fixed a zero-day vulnerability CVE-2021-30807 in macOS Big Sur and iOS versions that is under active attack.

Apple fixes zero-day vulnerability (CVE-2021-30807) in macOS Big Sur and iOS Read More »

Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 26, 2021 / ACL, CVE-2021–36934, GitHub, HiveNightmare, SAM, SeriousSAM

Microsoft has issued a workaround for a serious zero-day vulnerability CVE-2021–36934 dubbed “SeriousSAM” that could allow an attacker to read any registry hives as a non-administrator.

Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability Read More »

Microsoft July 2021 Security Updates includes fixes for 13 Critical RCEs, 3 zero-day vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 14, 2021 / CVE-2021-33740, CVE-2021-34439, CVE-2021-34448, CVE-2021-34450, CVE-2021-34458, CVE-2021-34464, CVE-2021-34473, CVE-2021-34474, CVE-2021-34494, CVE-2021-34497, CVE-2021-34503, CVE-2021-34522, CVE-2021-34527, Dynamics, Exchange, Malware Protection Engine, Windows, Windows 10, Windows Server

Microsoft has released the July 2021 Security updates that includes patches for 117 vulnerabilities, 13 of those rated Critical. The updates also include fixes for 3 zero-day bugs exploited in the wild.

Microsoft July 2021 Security Updates includes fixes for 13 Critical RCEs, 3 zero-day vulnerabilities Read More »

Critical ForgeRock Access Management vulnerability (CVE-2021-35464) exploited

Identity & Access Management, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 12, 2021 / Access Management, ACSC, CVE-2021-35464, ForgeRock, Identity

A Critical ForgeRock Access Management (AM) vulnerability (CVE-2021-35464) has been exploited in the wild. The issue affects ForgeRock’s OpenAM, open-source AM solution.

Critical ForgeRock Access Management vulnerability (CVE-2021-35464) exploited Read More »

Microsoft patches PrintNightmare vulnerability

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 7, 2021

Microsoft has patched PrintNightmare, a severe remote code execution (RCE) vulnerability that affects the Windows Print Spooler service under active attacks in the wild.

Microsoft patches PrintNightmare vulnerability Read More »

PrintNightmare: Windows Print Spooler service RCE vulnerability exploit code

Vulnerabilities & Exploits, Zero-days / Frank Crast / July 1, 2021 / CVE-2021-1675, PrintNightmare, RpcAddPrinterDriverEx

Researchers have posted Proof of Concept (PoC) code dubbed PrintNightmare used to exploit a Windows Print Spooler service remote code execution (RCE) vulnerability CVE-2021-1675.

PrintNightmare: Windows Print Spooler service RCE vulnerability exploit code Read More »