OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub

Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a...

Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...

Microsoft Windows Backup Engine Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems used for personal devices.Microsoft Windows Server is a set of server operating systems.Windows Backup Engine is one of the Windows backup engines. An elevation of privilege vulnerability exists in Microsoft Windows Backup Engine. An attacker can...

Preventing Insider Threats in Your Active Directory

Active Directory AD is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats offer some of the most potentials for destruction. Many internal users have over-provisioned access and visibility in...

Microsoft Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability

Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A security feature bypass vulnerability exists in Microsoft Windows Portable Device Enumerator Service, which could be exploited by an attacker to compromise the confidentiality, integrity, or The...

Microsoft Windows Security Support Provider Interface Information Disclosure Vulnerability

Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA. An attacker could exploit the vulnerability to gain access to sensitive information...

Microsoft Windows Connected User Experiences and Telemetry Privilege Elevation Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows Connected User Experiences and Telemetry, a set of operating systems for personal devices from Microsoft Corporation USA. An attacker could exploit the vulnerability to cause an elevation of privilege...

Microsoft Windows Event Logging Service Denial of Service Vulnerability

A denial of service vulnerability exists in Microsoft Windows Event Logging Service, an operating system used by Microsoft for personal devices. The vulnerability stems from a failure to properly handle incoming error messages, and an attacker could exploit the vulnerability to cause a denial of...

Cybersecurity awareness tips from Microsoft to empower your team to #BeCyberSmart

October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of persona...

Unspecified Vulnerability in Microsoft Windows (CNVD-2022-63614)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A security vulnerability exists in Microsoft Windows IKE Extension. No details of the vulnerability are provided at this time...

Discover 5 lessons Microsoft has learned about compliance management

Compliance management is a complex process—one that gets increasingly more complicated the larger an organization grows. Microsoft knows this firsthand, not only because of our experience providing Security and Compliance solutions to customers but also because of the global reach and...

Discover 5 lessons Microsoft has learned about compliance management

Compliance management is a complex process—one that gets increasingly more complicated the larger an organization grows. Microsoft knows this firsthand, not only because of our experience providing Security and Compliance solutions to customers but also because of the global reach and...

Protect Your Executives’ Cybersecurity Amidst Global Cyberwar

It’s been roughly two months since Russia first launched its unprovoked invasion of Ukraine. Since then, the world has borne witness to unspeakable tragedy. While damaged and destroyed property can and will be rebuilt; the death and despair incurred by Ukrainians will leave a lasting imprint acro...

Microsoft Windows DiskUsage.exe remote code execution vulnerability

Microsoft Windows DiskUsage.exe is a remote code execution vulnerability in Microsoft Windows, an operating system used by personal devices. The vulnerability stems from the failure of a network system or product to properly filter special elements in code segments constructed from external input...

Microsoft Windows Graphics Component remote code execution vulnerability

Microsoft Windows is an operating system for personal devices, Microsoft Windows Server is a server operating system, and Graphics Components is one of the graphics components. Microsoft Windows Graphics Component is vulnerable to remote code execution, which can be exploited by attackers to...

Microsoft Windows Telephony Serve Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Telephony Server. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An...

Microsoft Windows Upgrade Assistant Remote Code Execution Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Upgrade Assistant. The vulnerability stems from improper handling of input data and can be exploited by an attacker to...

Microsoft Windows Secure Channel Denial of Service Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A denial of service vulnerability exists in Microsoft Windows Secure Channel. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited by ...

Microsoft Windows Cluster Client Failover Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Cluster Client Failover. The vulnerability stems from an incorrect programmatic call to an advanced local procedure...

Microsoft Windows Digital Media Receiver Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Digital Media Receiver. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. ...