11 matches found
Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users
A spearphishing attack is spoofing Microsoft.com to target 200 million Microsoft Office 365 users in a number of key vertical markets, including financial services, healthcare, manufacturing and utility providers. Researchers at Ironscales discovered the campaign targeting several thousand...
Windows Malicious Software Removal Tool x64 - v5.84 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software including Blaster, Sasser, and Mydoom and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you sta...
Microsoft Windows: Turn off Registration (URL connection refers to Microsoft.com)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnoregistration.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Turn off Registration if URL connection is referring to Microsoft.com Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
microsoft.com XSS vulnerability
Open Bug Bounty ID: OBB-322461 Description| Value ---|--- Affected Website:| microsoft.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
mbs2.microsoft.com Open Redirect vulnerability
Vulnerable URL: https://mbs2.microsoft.com/MBSShare/SetLocale.aspx?ReturnURL=https://dpa-fwl.microsoft.com/redirect.html?rurl=https://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.12.2017 Vulnerability type:| Open Redirect Vulnerability status:|...
Office 365 Vulnerability Identified Bogus Email as Valid
Details have been released on a simple Office 365 hack that incorrectly identifies spoofed emails pretending to be from the Microsoft.com domain as valid. The vulnerability being targeted was privately disclosed by Turkish security researcher Utku Sen, and was patched by Microsoft this month...
mbs2.microsoft.com Open Redirect vulnerability
Vulnerable URL: https://mbs2.microsoft.com/MBSShare/SetLocale.aspx?ReturnURL=https://careers.microsoft.com/signout.aspx?returnurl=//www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| Yes, at 08.05.2017 Latest check for patch:| 08.05.2017 02:46 GMT Vulnerability type:| Open...
Windows Media Player 11.0.0 (.wav) - Crash PoC
No description provided by source. Title : Windows Media Player 11.0.0 .wav Crash PoC Date: 2013-01-12 Software Link: http://windows.microsoft.com/fr-fr/windows/windows-media-player Vendor : http://www.commentcamarche.net/download/start/telecharger-34055100-windows-media-player Author: Asesino04...
Microsoft Windows Csrss HardError 消息多个安全漏洞
Microsoft Windows是一款流行的操作系统。 Microsoft Windows处理特殊参数的部分API调用时存在问题,本地攻击者可以利用漏洞获得敏感信息或对系统进行拒绝服务攻击。 Microsoft Windows的WINSRV.DLL在处理HardError消息时存在两次释放错误。攻击者如果把MessageBox函数的caption或text参数设置为以“??\”开始的字符串,那么畸形的参数会触发内核内存破坏,导致系统崩溃。 另外CSRSS.exe没有正确的验证由NtRaiseHardError传送的参数,可允许攻击者浏览CSRSS进程内存的内容,导致敏感信息泄露。...
Microsoft Windows SMB PIPE远程拒绝服务漏洞
Microsoft Windows是一款流行的操作系统。 Microsoft Windows srv.sys驱动存在NULL指针引用问题,远程攻击者可以利用漏洞对操作系统进行拒绝服务攻击。 发送特殊构建的网络包可导致服务驱动srv.sys引用NULL指针,而导致系统崩溃。ISS发现一个错误利用Windows Mailslot漏洞MS06-035的攻击代码已经流传开来,不过此利用代码恰好利用了一个不同的漏洞,并且没有补丁,其通过NULL指针引用来触发,目前没有详细漏洞细节提供。 Microsoft Windows XP Professional x64 Edition Microsoft...
Microsoft.com and NTDEV Domain Targeting for x86 and x64 (no IA64)
This detectoid resolves true if the users machine is a member a corp.microsoft.com or ntdev domain...