70 matches found
Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches
Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. Alternative video link for Russia: On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch...
Candiru: Another Cyberweapons Arms Manufacturer
Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru. From the report: Summary: Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones,...
Patch Tuesday Dashboard Template Release
We know that many security teams rely on Microsoft’s patch cycle to remediate vulnerabilities in their environments. However, every month , Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed multiple vulnerabilities in several developer tools. A malicious party could potentially exploit them to execute arbitrary code and for a denial-of-service attack. SysInternals: |----------------|------|-------------------------------------| | CVE-ID | CVSS | Impact |...
Threat Source newsletter for Sept. 10, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our continued research on election security, we have a new video roundtable discussion up on our YouTube page. In this Q&A-style format, I ask our researchers questions about the work they’ve done researching disinformation aka...
Purple Fox EK Adds Microsoft Exploits to Arsenal
The Purple Fox exploit kit EK has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...
How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796)
Discover how to protect your systems against SMB vulnerabilities and the latest critical Microsoft vulnerabilities released...
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway RD Gateway, and Windows Remote Desktop Client. A remote attacker could exploit these...
Threat Source newsletter (Dec. 12, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re entering our Year in Review period. Now’s the time to look back on the top stories from 2019 and think about what we learned. In t...
Hackers Hit the Olympics, While Patch Tuesday and Meltdown / Spectre Keep IT Departments On Edge
This week offered a representative sampling of different corners of the cyber security world: The monthly Patch Tuesday, a brazen attack against the Olympics, new Meltdown and Spectre concerns, and a boost for Intel’s bug bounty program. Oh, and the gargantuan Equifax data breach may have been ev...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
It is an exploit module for Apache HTTP Server. The target pr...
Fewer User Rights on Windows Could Help A Ton
According to a newly released report, 64% of all the reported Microsoft vulnerabilities for 2009 could have been mitigated by using the principle of the least privileged accounts. Read the full article. ZDNet...
Threatpost News Wrap #5: Microsoft Vulnerabilities, DDoS Attacks
Threatpost editors Dennis Fisher and Ryan Naraine discuss the recent vulnerabilities in ActiveX controls, Microsoft’s slow response to the video control flaw and the slew of DDoS attacks against U.S. government and commercial sites. Download SHOW NOTES: MyDoom DDoS Attacks Likely Work of...
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Microsoft Products Original release date: April 13, 2004 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call RPC and Distributed Component Object Mod...
MS03-029: Flaw in Windows Function may allow DoS (823803)
The remote host is running a version of Windows NT 4.0 that has a flaw in one of its functions that could allow a user to cause a denial of service on this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11802; scriptversion"1.34"; scriptcvsdate"Date: 2018/11/15...
SILLY BEHAVIOR Part II : Internet Explorer 5.5 - 6.0
Thursday, May 1, 2003 The following represents a trivial yet elaborate method of injecting arbitrary html into the "My Computer" zone on win98 using the Internet Explorer series of browsers. The manufacturer, commonly known as "Microsoft" has a done a splendid job of battening down the hatches wi...
Automatically opening IE + Executing attachments
GreyMagic Security Advisory GM002-IE ===================================== By GreyMagic Software, Israel. 22 Mar 2002. Available in HTML format at http://security.greymagic.com/adv/gm002-ie/ Topic: Automatically opening IE + Executing attachments. Discovery date: 15 Mar 2002. Important note:...
ms-personal-webserver-path.txt
Personal web server kiborg [email protected] Wed, 17 Jan 1996 22:30:13 +0200 Hello, Sorry if this has already been known. But i didn't find something of the sort. While playing with Microsoft Personal Web Server Frontpage-PWS32/3.0.2.926. I found that the following URL will list the root directo...
2022-08 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5016686)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
2022-09 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5017371)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...