Lucene search
+L

70 matches found

Information Security Automation
Information Security Automation
added 2022/06/25 12:32 p.m.81 views

Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches

Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. Alternative video link for Russia: On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch...

10CVSS9.3AI score0.99374EPSS
Exploits67
Schneier on Security
Schneier on Security
added 2021/07/19 3:54 p.m.245 views

Candiru: Another Cyberweapons Arms Manufacturer

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report: Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones,...

7.2CVSS0.2AI score0.06255EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/05/11 8:51 p.m.73 views

Patch Tuesday Dashboard Template Release

We know that many security teams rely on Microsoft’s patch cycle to remediate vulnerabilities in their environments. However, every month , Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these...

7.7AI score
Exploits0
NCSC
NCSC
added 2021/02/09 12:0 a.m.6 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code and for a denial-of-service attack. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...

9.8CVSS7.5AI score0.30315EPSS
Exploits2
Talos Blog
Talos Blog
added 2020/09/10 11:0 a.m.17 views

Threat Source newsletter for Sept. 10, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they’ve done researching disinformation aka...

1.4AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/06 3:21 p.m.21548 views

Purple Fox EK Adds Microsoft Exploits to Arsenal

The Purple Fox exploit kit EK has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...

7.6CVSS8.4AI score0.86863EPSS
Exploits83References23
Akamai Blog
Akamai Blog
added 2020/03/17 8:12 p.m.122 views

How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796)

Discover how to protect your systems against SMB vulnerabilities and the latest critical Microsoft vulnerabilities released...

10CVSS2.6AI score0.9981EPSS
Exploits125
CISA
CISA
added 2020/01/14 12:0 a.m.12 views

CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

The Cybersecurity and Infrastructure Security Agency CISA has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway RD Gateway, and Windows Remote Desktop Client. A remote attacker could exploit these...

6.9AI score
Exploits0References6
Talos Blog
Talos Blog
added 2019/12/12 11:0 a.m.44 views

Threat Source newsletter (Dec. 12, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about what we learned. In t...

7.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2018/02/16 5:6 p.m.160 views

Hackers Hit the Olympics, While Patch Tuesday and Meltdown / Spectre Keep IT Departments On Edge

This week offered a representative sampling of different corners of the cyber security world: The monthly Patch Tuesday, a brazen attack against the Olympics, new Meltdown and Spectre concerns, and a boost for Intel’s bug bounty program. Oh, and the gargantuan Equifax data breach may have been ev...

9.3CVSS7.3AI score0.93838EPSS
Exploits13
GithubExploit
GithubExploit
added 2018/01/16 5:49 a.m.59 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

It is an exploit module for Apache HTTP Server. The target pr...

9.3CVSS9.5AI score0.99945EPSS
Exploits36
ThreatPost
ThreatPost
added 2010/04/01 4:5 p.m.7 views

Fewer User Rights on Windows Could Help A Ton

According to a newly released report, 64% of all the reported Microsoft vulnerabilities for 2009 could have been mitigated by using the principle of the least privileged accounts. Read the full article. ZDNet...

1.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2009/07/13 8:27 p.m.13 views

Threatpost News Wrap #5: Microsoft Vulnerabilities, DDoS Attacks

Threatpost editors Dennis Fisher and Ryan Naraine discuss the recent vulnerabilities in ActiveX controls, Microsoft’s slow response to the video control flaw and the slew of DDoS attacks against U.S. government and commercial sites. Download SHOW NOTES: MyDoom DDoS Attacks Likely Work of...

3.5AI score
Exploits0References6
securityvulns
securityvulns
added 2004/04/14 12:0 a.m.119 views

US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Microsoft Products Original release date: April 13, 2004 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call RPC and Distributed Component Object Mod...

10CVSS0.5AI score0.8615EPSS
Exploits17
Tenable Nessus
Tenable Nessus
added 2003/07/23 12:0 a.m.25 views

MS03-029: Flaw in Windows Function may allow DoS (823803)

The remote host is running a version of Windows NT 4.0 that has a flaw in one of its functions that could allow a user to cause a denial of service on this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11802; scriptversion"1.34"; scriptcvsdate"Date: 2018/11/15...

5CVSS5.6AI score0.07706EPSS
Exploits0References2
securityvulns
securityvulns
added 2003/05/03 12:0 a.m.28 views

SILLY BEHAVIOR Part II : Internet Explorer 5.5 - 6.0

Thursday, May 1, 2003 The following represents a trivial yet elaborate method of injecting arbitrary html into the "My Computer" zone on win98 using the Internet Explorer series of browsers. The manufacturer, commonly known as "Microsoft" has a done a splendid job of battening down the hatches wi...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/03/22 12:0 a.m.28 views

Automatically opening IE + Executing attachments

GreyMagic Security Advisory GM002-IE ===================================== By GreyMagic Software, Israel. 22 Mar 2002. Available in HTML format at http://security.greymagic.com/adv/gm002-ie/ Topic: Automatically opening IE + Executing attachments. Discovery date: 15 Mar 2002. Important note:...

6AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.38 views

ms-personal-webserver-path.txt

Personal web server kiborg [email protected] Wed, 17 Jan 1996 22:30:13 +0200 Hello, Sorry if this has already been known. But i didn't find something of the sort. While playing with Microsoft Personal Web Server Frontpage-PWS32/3.0.2.926. I found that the following URL will list the root directo...

7.4AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.12 views

2022-08 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5016686)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

1.5AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.13 views

2022-09 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5017371)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

1.5AI score
Exploits0
Rows per page
Query Builder