Microsoft has disrupted a major cybercriminal operation designed to take advantage of the COVID-19 pandemic and defraud victims in 62 countries around the world.
The Internet Systems Consortium (ISC) has released two security updates that fix vulnerabilities on multiple versions of BIND. In addition, Microsoft also issued a new DNS security advisory and workaround. The flaws could allow a remote attacker to exploit and cause a denial of service condition.
Microsoft has released a new patch for multiple remote code execution (RCE) vulnerabilities in software that uses the Autodesk FBX library.
Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.
Microsoft released the March 2020 Security Updates that include 115 unique vulnerability fixes, 26 of those rated critical. This is the largest patch release in Microsoft's history. Microsoft also issued guidance and a new security update to fix an SMBv3 RCE vulnerability dubbed SMBGhost.
Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.
Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft's investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.
Microsoft said misconfigured access rules on an internal customer database has exposed millions of customer data records.
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to "identify interesting features in source code" and can help enable developers understand software components your apps use.
Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.