Microsoft has released a new patch for multiple remote code execution (RCE) vulnerabilities in software that uses the Autodesk FBX library.
Microsoft releases patch for Autodesk FBX library RCE vulnerabilities Read More »
Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.
Microsoft released the March 2020 Security Updates that include 115 unique vulnerability fixes, 26 of those rated critical. This is the largest patch release in Microsoft’s history. Microsoft also issued guidance and a new security update to fix an SMBv3 RCE vulnerability dubbed SMBGhost.
Microsoft March 2020 Security Updates, fix for SMBv3 RCE vulnerability (updated) Read More »
Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.
Microsoft February 2020 Security Updates (includes IE zero-day fix) Read More »
Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft’s investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.
Threat actors are launching web shell attacks Read More »
Microsoft said misconfigured access rules on an internal customer database has exposed millions of customer data records.
Microsoft customer support database exposes millions of records Read More »
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to “identify interesting features in source code” and can help enable developers understand software components your apps use.
Microsoft introduces Application Inspector Read More »
Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.
Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.
Microsoft issued an out-of-bound security update for a SharePoint Server vulnerability CVE-2019-1491.
