Microsoft

Microsoft releases patch for Autodesk FBX library RCE vulnerabilities

Microsoft has released a new patch for multiple remote code execution (RCE) vulnerabilities in software that uses the Autodesk FBX library.

Microsoft releases patch for Autodesk FBX library RCE vulnerabilities Read More »

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated) Read More »

Microsoft March 2020 Security Updates, fix for SMBv3 RCE vulnerability (updated)

Microsoft released the March 2020 Security Updates that include 115 unique vulnerability fixes, 26 of those rated critical. This is the largest patch release in Microsoft’s history. Microsoft also issued guidance and a new security update to fix an SMBv3 RCE vulnerability dubbed SMBGhost.

Microsoft March 2020 Security Updates, fix for SMBv3 RCE vulnerability (updated) Read More »

Microsoft February 2020 Security Updates (includes IE zero-day fix)

Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.

Microsoft February 2020 Security Updates (includes IE zero-day fix) Read More »

Threat actors are launching web shell attacks

Security experts from Microsoft have revealed threat actors are increasingly using web shell attacks in their campaigns. Microsoft’s investigation revealed actors such as ZINC, KRYPTON, and GALLIUM, exploit known vulnerabilities to implant web shells on internet-facing web servers.

Threat actors are launching web shell attacks Read More »

Microsoft introduces Application Inspector

Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to “identify interesting features in source code” and can help enable developers understand software components your apps use.

Microsoft introduces Application Inspector Read More »

Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674)

Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.

Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674) Read More »

Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability)

Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.

Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability) Read More »