BIND and Microsoft DNS security updates

The Internet Systems Consortium (ISC) has released two security updates that fix vulnerabilities on multiple versions of BIND. In addition, Microsoft also issued a new DNS security advisory and workaround. The flaws could allow a remote attacker to exploit and cause a denial of service condition.

Continue Reading BIND and Microsoft DNS security updates

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Continue Reading Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Microsoft March 2020 Security Updates, fix for SMBv3 RCE vulnerability (updated)

Microsoft released the March 2020 Security Updates that include 115 unique vulnerability fixes, 26 of those rated critical. This is the largest patch release in Microsoft's history. Microsoft also issued guidance and a new security update to fix an SMBv3 RCE vulnerability dubbed SMBGhost.

Continue Reading Microsoft March 2020 Security Updates, fix for SMBv3 RCE vulnerability (updated)

Microsoft February 2020 Security Updates (includes IE zero-day fix)

Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.

Continue Reading Microsoft February 2020 Security Updates (includes IE zero-day fix)

Threat actors are launching web shell attacks

Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft's investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.

Continue Reading Threat actors are launching web shell attacks

Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674)

Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.

Continue Reading Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674)