RCE Archives - Securezoo

CISA adds Critical Microsoft diagnostics tool vulnerability to Catalog of exploited vulnerabilities

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / June 16, 2022 June 16, 2022 /

The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Support Diagnostic Tool (MSDT) vulnerability CVE-2022-30190 (aka “Follina”) to its Known Exploited Vulnerabilities Catalog.

Tags: CVE-2022-30190, Cybersecurity Threat Center, exploits, Follina, Microsoft, MSDT, RCE, Vulnerabilities

Microsoft June 2022 Security Updates addresses 55 vulnerabilities (3 Critical)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / June 14, 2022 July 13, 2022 /

The Microsoft June 2022 Security Updates includes patches and advisories for 55 vulnerabilities, three of those rated Critical severity.

Tags: CVE-2022-30136, CVE-2022-30139, CVE-2022-30163, Cybersecurity Threat Center, HyperV, LDAP, Microsoft, NFS, RCE, Vulnerabilities

Microsoft February 2022 Security Updates (fixes for 16 RCEs, 1 zero-day)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 9, 2022 March 20, 2022 /

It was a relatively light Patch Tuesday for Microsoft this month. The Microsoft February 2022 Security Updates includes patches and advisories for 50 vulnerabilities, 16 of those remote code execution flaws and one zero-day (CVE-2022-21989). None are rated Critical.

Tags: Azure, CVE-2013-3900, HEVC, Microsoft Dynamics, Microsoft Office, RCE, SharePoint, Windows

Apache releases security update for another Log4j RCE vulnerability (CVE-2021-44832)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 30, 2021 December 30, 2021 /

The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832) where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.

Tags: Apache, CVE-2021-44832, Log4j, RCE

Microsoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated

Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 15, 2021 September 15, 2021 /

Microsoft has warned of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444). The tech giant also released workarounds for the threat until a permanent fix is released.

Tags: CVE-2021-40444, Microsoft, MSHTML, RCE

Fortinet patches High risk RCE vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 20, 2021 July 20, 2021 /

Fortinet has patched a High risk use-after-free vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer fgfmsd daemon. An attacker could exploit the vulnerability to launch remote code execution (RCE) as root and take control of an impacted system.

Tags: CVE-2021-32589, FortiAnalyzer, FortiManager, Fortinet, RCE

Microsoft June 2021 Security Updates includes fixes for 6 zero-day vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / June 9, 2021 June 9, 2021 /

Microsoft has released the June 2021 Security updates that includes patches for 50 vulnerabilities, 5 of those rated Critical. The updates also include fixes for 6 zero-day flaws exploited in the wild.

Tags: Cryptography, CVE-2021-31959, CVE-2021-31963, CVE-2021-31967, CVE-2021-31985, CVE-2021-33742, DWM, MSHTML, NTFS, RCE, SharePoint, VP9, Windows, Windows 10

PoC exploit code released for Windows wormable RCE (CVE-2021-31166)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / May 21, 2021 May 21, 2021 /

A security researcher has published proof-of-concept (PoC) exploit code for a Windows HTTP protocol stack remote code execution (RCE) vulnerability CVE-2021-31166.

Tags: CVE-2021-31166, POC, RCE, Windows

F5 patches 4 Critical vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 10, 2021 March 11, 2021 /

F5 has patched two Critical remote code execution (RCE) and another two buffer overflow vulnerabilities that impact BIG-IP and BIG-IQ devices. Moreover, the security firm also addressed two other High severity bugs and one Medium severity flaw.

Tags: CVE-2021-22986, CVE-2021-22987, CVE-2021-22991, CVE-2021-22992, F5, iControl, RCE, WAF

Adobe releases security updates for Framemaker, Creative Cloud Desktop Application and Connect

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 10, 2021 March 10, 2021 /

Adobe has released security updates to address vulnerabilities in Adobe Framemaker, Creative Cloud Desktop Application and Connect products.

Tags: Adobe, Adobe Connect, Creative Cloud, CVE-2021-21056, CVE-2021-21069, CVE-2021-21078, CVE-2021-21085, Framemaker, RCE