Microsoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack

Microsoft has released the September 2021 Security updates that includes patches for 66 vulnerabilities, 3 of those rated Critical. The updates also include a fix for one zero-day bug in MSHTML (CVE-2021-40444) exploited in the wild.

Continue ReadingMicrosoft September 2021 Security Updates includes fix for an RCE bug in MSHTML under active attack

“BadAlloc” vulnerabilities impact broad range of IoT and OT devices

Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed "BadAlloc" that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.

Continue Reading“BadAlloc” vulnerabilities impact broad range of IoT and OT devices

Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities

Microsoft has released the April 2021 Security updates that includes patches for 114 vulnerabilities, 19 of those rated Critical. The updates also include fixes for multiple Microsoft Exchange flaws that have a higher likelihood of being exploited.

Continue ReadingMicrosoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities

CHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.

Continue ReadingCHIRP tool scans for signs of APT compromise associated with SolarWinds and Azure/M365 cyberattacks

Microsoft February 2021 Security Updates, warns of Win32k Privilege Escalation vulnerability exploited in wild (updated)

Microsoft has released the February 2021 Security updates that includes patches for 56 vulnerabilities, 11 of those rated Critical. Moreover, the tech giant warned of a Win32k Privilege Escalation vulnerability CVE-2021-1732 exploited in wild.

Continue ReadingMicrosoft February 2021 Security Updates, warns of Win32k Privilege Escalation vulnerability exploited in wild (updated)