The vulnerability of Microsoft Hyper-V hardware virtualization system for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Hyper-V hardware virtualization technology for Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code using a specially crafted application...

The vulnerability of the Win32k component in Windows operating systems, which allows attackers to increase their privileges

The vulnerability of the Win32k component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges by using a specially created application...

CVE-2016-5295

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only...

CVE-2017-7768

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access,...

Microsoft Patches Two Zero-Day Flaws Under Active Attack

It's time to gear up for the latest May 2018 Patch Tuesday. Microsoft has today released security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wild by cybercriminals, and two publicly disclosed bugs. In brief, Microsoft is addressing ...

Microsoft Browser Information Disclosure Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Internet Explorer IE and Edge are web browsers that come with Windows operating systems. An information disclosure vulnerability exists in Microsoft IE 11 and Edge, which arises from a...

PT-2018-1313 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Win32k component of Windows operating systems, which can be exploited to elevate privileges using a specially crafted application...

CVE-2018-8861

Vulnerabilities within the Philips Brilliance CT kiosk environment Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior could enable a limited-access kiosk user or an unauthorized...

CVE-2018-8853

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in...

Design/Logic Flaw

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in...

CVE-2018-8853

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in...

Philips Brilliance CT Scanners Elevation of Privilege Vulnerability

The Philips Brilliance 64, among others, is a CT scanner device from the Dutch company Philips. A security vulnerability exists in multiple Philips Brilliance CT devices. An attacker can exploit the vulnerability to gain elevated privileges and gain access to unauthorized resources of the...

The vulnerability of the Virtual File System implementation in the Desktop Bridge application converter for the Windows operating system allows a hacker to escalate their privileges.

The vulnerability of the Virtual File System VFS implementation in the Windows Desktop Bridge application converter is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges by using a specially crafted application...

Graffiti in the digital world: How hacktivists use defacement

Activists have been featured more frequently in the news lately, with marches shining the spotlight on women's rights and bringing about an end to gun violence, to name a few. However, the real world isn't the only place where activism happens. The digital realm has become a critical space for...

Microsoft Windows - nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation) Kernel Pool Memory Disclosure

Microsoft Windows - nt!NtQueryInformationTransactionManager TransactionManagerRecoveryInformation Kernel Pool Memory Disclosure / We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose...

Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability

Microsoft Windows 10, Windows Server 2016, and Windows Server Version 1709 are products of Microsoft Corporation.Microsoft Windows 10 is a cross-platform operating system for PCs and devices such as laptops, tablets, and mobile phones.Windows Server 2016 and Windows Server Version 1709 are server...

CVE-2017-4028

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters...

Design/Logic Flaw

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...

Design/Logic Flaw

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...

CVE-2018-5223

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...