.NET Archives - Securezoo

Microsoft May 2021 Security Updates include fixes for 4 Critical and 3 zero-day vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / May 12, 2021 / .NET, CVE-2021-26419, CVE-2021-28476, CVE-2021-31166, CVE-2021-31194, HTTP Protocol Stack, Hyper-V, Microsoft, OLE Automation, Scripting Engine

Microsoft has released the May 2021 Security updates that includes patches for 55 vulnerabilities, 4 of those rated Critical. The updates also include fixes for 3 zero-day flaws.

Microsoft February 2021 Security Updates, warns of Win32k Privilege Escalation vulnerability exploited in wild (updated)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 12, 2021 / .NET, Azure, CVE-2021-1732, Developer Tools, DNS Server, Edge, Exchange Server Office, IOT, Kubernetes, Microsoft Dynamics, PFX Encryption, PKU2U, PowerSHell, Skype for Business, SysInternals, System Center, TCP/IP, Visual Studio

Microsoft has released the February 2021 Security updates that includes patches for 56 vulnerabilities, 11 of those rated Critical. Moreover, the tech giant warned of a Win32k Privilege Escalation vulnerability CVE-2021-1732 exploited in wild.

Microsoft January 2021 Security Updates (to include zero-day RCE patch)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 13, 2021 / .NET, ASP.NET, Azure, CVE-2021-1643, CVE-2021-1647, CVE-2021-1658, CVE-2021-1660, CVE-2021-1665, CVE-2021-1666, CVE-2021-1667, CVE-2021-1668, CVE-2021-1673, CVE-2021-1705, Edge, Malware Protection Engine, Microsoft Edge, Microsoft Office, Microsoft Windows, SQL Server, Visual Studio, Windows

Microsoft has released the January 2021 Security updates that includes patches for 83 vulnerabilities, 10 of those rated Critical and 1 zero-day RCE vulnerability CVE-2021-1647 in Microsoft Defender.

SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)

Malware / By Frank Crast / December 29, 2020 / .NET, API, Cyberattack, malware, SolarWinds, Sunburst, Supernova, Unit 42, webshell

SolarWinds has released an updated security advisory on SUPERNOVA malware, a separate threat vector from the previously reported supply chain cyberattack that was based on SUNBURST backdoor malware. The update now includes new information on 0-day CVE-2020-10148 and PoC demo.

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 16, 2020 / .NET, Adobe, codecs, CVE-2020-16898, CVE-2020-16951, CVE-2020-16952, CVE-2020-17022, CVE-2020-17023, Dynamics, Exchange Server, Flash Player, JET Database, Microsoft, Open Source, PowerSHell, Visual Studio, Windows

Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical “Bad Neighbor” vulnerability and two out-of-band patches.

Microsoft May 2020 Security Updates (16 Critical vulnerabilities fixed)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 13, 2020 / .NET, .NET Core, Autodesk, ChakraCore, CVE-2020-1023, CVE-2020-1024, CVE-2020-1028, CVE-2020-1037, CVE-2020-1062, CVE-2020-1064, CVE-2020-1065, CVE-2020-1069, CVE-2020-1093, CVE-2020-1102, CVE-2020-1117, CVE-2020-1126, CVE-2020-1136, CVE-2020-1153, Edge, Internet Explorer, Microsoft Dynamics, OpenSSL, Power BI, Visual Studio, Windows Defender

Microsoft released the May 2020 Security Updates that includes 111 unique vulnerability fixes, 16 of those rated critical.

Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 15, 2020 / .NET, ASP.NET, CryptoAPI, Internet Explorer, Microsoft, OneDrive, RDP

Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.

.NET