RCE Archives - Securezoo

Microsoft March 2023 Security Updates Fixes 101 Vulnerabilities (9 Critical, 2 zero-days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / March 14, 2023 / CVE-2023-21708, CVE-2023-23392, CVE-2023-23397, CVE-2023-23404, CVE-2023-23411, CVE-2023-23415, CVE-2023-23416, CVE-2023-24880, ICMP, Outlook, RCE, SmartScreen, Windows

The Microsoft March 2023 Security Updates includes patches and advisories for 101 vulnerabilities, including 9 Critical severity issues and two zero-days exploited in the wild.

Microsoft February 2023 Security Updates addresses 79 vulnerabilities (9 rated Critical, 3 zero days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / February 16, 2023 / CVE-2023-21715, CVE-2023-21823, CVE-2023-23376, PEAP, RCE

The Microsoft February 2023 Security Updates includes patches and advisories for 79 vulnerabilities, including 9 Critical severity remote code execution issues and three zero-days exploited in the wild.

Linux Kernel ksmbd Use-After-Free RCE Vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 28, 2022 / kernel, Linux, RCE, SMB3, ZDI

Security researchers have discovered a Critical remote code execution (RCE) vulnerability in Linux 5.15 Kernel Server Message Block (SMB) server, ksmbd.

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 12, 2022 / Active Directory, Azure, CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-34689, CVE-2022-37968, CVE-2022-37976, CVE-2022-37979, CVE-2022-38000, CVE-2022-38047, CVE-2022-38048, CVE-2022-41033, CVE-2022-41034, CVE-2022-41038, CVE-2022-41081, EoP, Hyper-V, Kubernetes, Office, Point-to-Point, PPT, RCE, SharePoint, Vulnerabilities

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

CISA adds Critical Microsoft diagnostics tool vulnerability to Catalog of exploited vulnerabilities

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / June 16, 2022 / CVE-2022-30190, Cybersecurity Threat Center, exploits, Follina, Microsoft, MSDT, RCE, Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Support Diagnostic Tool (MSDT) vulnerability CVE-2022-30190 (aka “Follina”) to its Known Exploited Vulnerabilities Catalog.

Microsoft June 2022 Security Updates addresses 55 vulnerabilities (3 Critical)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / June 14, 2022 / CVE-2022-30136, CVE-2022-30139, CVE-2022-30163, Cybersecurity Threat Center, HyperV, LDAP, Microsoft, NFS, RCE, Vulnerabilities

The Microsoft June 2022 Security Updates includes patches and advisories for 55 vulnerabilities, three of those rated Critical severity.

Microsoft February 2022 Security Updates (fixes for 16 RCEs, 1 zero-day)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 9, 2022 / Azure, CVE-2013-3900, HEVC, Microsoft Dynamics, Microsoft Office, RCE, SharePoint, Windows

It was a relatively light Patch Tuesday for Microsoft this month. The Microsoft February 2022 Security Updates includes patches and advisories for 50 vulnerabilities, 16 of those remote code execution flaws and one zero-day (CVE-2022-21989). None are rated Critical.

Apache releases security update for another Log4j RCE vulnerability (CVE-2021-44832)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 30, 2021 / Apache, CVE-2021-44832, Log4j, RCE

The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832) where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.

Microsoft warns of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444) — Updated

Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 15, 2021 / CVE-2021-40444, Microsoft, MSHTML, RCE

Microsoft has warned of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444). The tech giant also released workarounds for the threat until a permanent fix is released.

Fortinet patches High risk RCE vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 20, 2021 / CVE-2021-32589, FortiAnalyzer, FortiManager, Fortinet, RCE

Fortinet has patched a High risk use-after-free vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer fgfmsd daemon. An attacker could exploit the vulnerability to launch remote code execution (RCE) as root and take control of an impacted system.