Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.
Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft's investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.
Microsoft said misconfigured access rules on an internal customer database has exposed millions of customer data records.
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to "identify interesting features in source code" and can help enable developers understand software components your apps use.
Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.
Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.
Microsoft issued an out-of-bound security update for a SharePoint Server vulnerability CVE-2019-1491.
A multi-stage downloader trojan dubbed sLoad uses BITS to steal data from compromised systems. Attackers use sLoad to evade anti-malware protections and security monitoring that may not detect activity using these unconventional protocols.
Microsoft has revealed new cyber threat activity by a group dubbed GALLIUM that targets global telecommunication providers and unpatched web servers.
Microsoft issued the December 2019 Security Updates that include 36 unique vulnerability fixes, 7 of those rated critical and 29 rated important. One of the patches addresses a Win32k vulnerability under active attack in the wild.