6 matches found
Unofficial Micropatch for Follina Released as Chinese Hackers Exploit the 0-day
By Waqas The Follina vulnerability was originally discovered after a malicious Microsoft Word document was uploaded on VirusTotal from a… This is a post from HackRead.com Read the original post: Unofficial Micropatch for Follina Released as Chinese Hackers Exploit the 0-day...
Unpatched Windows 10 Zero-Day Allows Privileged File Access
An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation LPE, researchers have warned. The issue CVE-2021-24084 has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security...
Windows 10 Privilege-Escalation Zero-Day Gets Unofficial Fix
A partially unpatched security bug in Windows that could allow local privilege escalation from a regular user to System remains unaddressed fully by Microsoft – but an unofficial micropatch from oPatch has hit the scene. The bug CVE-2021-34484 was originally disclosed and patched as part of...
SandboxEscaper Debuts ByeBear Windows Patch Bypass
Guerrilla developer SandboxEscaper has disclosed a second bypass exploit for a patch that fixes a Windows local privilege-escalation LPE flaw — again without notifying Microsoft. The exploit, dubbed “ByeBear,” enables attackers to get past the patch to attack a permissions-overwrite,...
Temporary Patch Released For Adobe Reader Zero-Day
A temporary patch has been released to address a zero-day vulnerability in Adobe Reader that could enable bad actors to steal victims’ hashed password values, known as “NTLM hashes.” 0patch on Monday released a micropatch for the flaw, found in Adobe Reader DC. The vulnerability, which has no...
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
UPDATE Microsoft patched a zero-day in its JET Database Engine this week – but the patch was incomplete, according to researchers at 0patch. The company has developed a micropatch that corrects that hole, it said Friday. The memory corruption vulnerability CVE-2018-8423 could allow remote...