Microsoft has released fixes for 84 security flaws in its July 2022 edition of Patch Tuesday. This month’s update includes a fix for one zero-day (CVE-2022-22047). Out of the 84 vulnerabilities, four are rated as critical. All the critical vulnerabilities are Remote Code Execution (RCE). Microsoft also released two Microsoft Edge (Chromium-Based) security updates earlier … Continue reading “Microsoft Patches 84 Vulnerabilities Including One Zero-day and Four Critical in the July 2022 Patch Tuesday”
Tag: Microsoft Office
Microsoft Patches 145 Vulnerabilities with 10 rated as Critical and Two Zero-Days in April 2022 Patch Tuesday
Microsoft has released security fixes for several vulnerabilities including patches for zero-day vulnerabilities in its April 2022 Patch Tuesday. Microsoft addresses 145 vulnerabilities in their April 2022 Patch Tuesday release. Out of these 145 vulnerabilities, 10 are rated as critical. The release also includes fixes for two zero-day vulnerabilities out of which one is known … Continue reading “Microsoft Patches 145 Vulnerabilities with 10 rated as Critical and Two Zero-Days in April 2022 Patch Tuesday”
Identify and Remediate Most Exploited Vulnerabilities in last 5 years using VMDR
Summary: Amidst the global pandemic time period, DHS CISA and FBI share list of top 10 most exploited vulnerabilities on May 12,2020. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI), urges organizations in the public and private sector to apply necessary updates in order to … Continue reading “Identify and Remediate Most Exploited Vulnerabilities in last 5 years using VMDR”
Microsoft Office Memory Corruption Vulnerability: CVE-2018-0802
A stack overflow vulnerability in “Microsoft Equation Editor” was disclosed to Microsoft. This vulnerability has been assigned CVE-2018-0802. A similar vulnerability was disclosed in the same component in August 2017 – CVE-2017-11882 which overflowed the stack and was able to execute commands by calling the WinExec() within the EQNEDT32.EXE code base using a static address. CVE-2018-0802 follows a similar … Continue reading “Microsoft Office Memory Corruption Vulnerability: CVE-2018-0802”
Microsoft Office Memory Corruption Vulnerability : CVE-2017-11882
In the month of August a buffer overflow vulnerability was discovered in the in the “Microsoft Equation Editor”, the vulnerability has been assigned CVE-2017-11882. As the name suggests it is used for inserting and editing equations MS Office documents. The component in question was compiled without SafeSEH,NX,DEP,ASLR,CFG. All of which protect the machine from a wide … Continue reading “Microsoft Office Memory Corruption Vulnerability : CVE-2017-11882”
Execution of Untrusted Microsoft Office Macros Permitted
Microsoft Office is an office suite of applications, servers, and services developed by Microsoft for Windows and Mac OS platforms. The suite most notably consists of applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, Microsoft Publisher, Microsoft Project, Microsoft Visio, Microsoft Outlook among others. In addition to features such as word processing, … Continue reading “Execution of Untrusted Microsoft Office Macros Permitted”
Windows OLE Zero-Day Vulnerability
An exploit for an unpatched Windows OLE vulnerability has been observed in the wild. The user opens a document containing the embedded exploit, which executes a Visual Basic script. The vulnerability was initially reported by Ryan Hanson . As per McAfee the earliest attack were observed in late January 2017. The exploit works against all Microsoft … Continue reading “Windows OLE Zero-Day Vulnerability”