Microsoft has released the new set of security patches in the Patch Tuesday, May 2022 edition. This Patch Tuesday security advisory addressed 75 vulnerabilities including one advisory (ADV220001) for Azure in response to CVE-2022-29972, a publicly exposed Zero-Day Remote Code Execution (RCE) Vulnerability. Out of these 75 vulnerabilities, eight are classified as Critical. This … Continue reading “Microsoft Patches 75 Vulnerabilities Including 3 Zero-days and 8 Rated as Critical in May 2022 Patch Tuesday”
Tag: microsoft
Microsoft Releases Patch for the Third-party ODBC Driver Remote Code Execution Vulnerability (CVE-2022-29972)
Microsoft has released a patch addressing a flaw in the Azure Data Factory and Azure Synapse pipelines (tracked as CVE-2022-29972). The flaw affects the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a … Continue reading “Microsoft Releases Patch for the Third-party ODBC Driver Remote Code Execution Vulnerability (CVE-2022-29972)”
Microsoft Patches 145 Vulnerabilities with 10 rated as Critical and Two Zero-Days in April 2022 Patch Tuesday
Microsoft has released security fixes for several vulnerabilities including patches for zero-day vulnerabilities in its April 2022 Patch Tuesday. Microsoft addresses 145 vulnerabilities in their April 2022 Patch Tuesday release. Out of these 145 vulnerabilities, 10 are rated as critical. The release also includes fixes for two zero-day vulnerabilities out of which one is known … Continue reading “Microsoft Patches 145 Vulnerabilities with 10 rated as Critical and Two Zero-Days in April 2022 Patch Tuesday”
Microsoft Patches 92 Vulnerabilities in March 2022 Patch Tuesday including 3 Zero-days
Microsoft has released security fixes for several vulnerabilities including patches for zero-day vulnerabilities in its March 2022 Patch Tuesday. Microsoft addresses 92 vulnerabilities in their March 2022 Patch Tuesday release. Out of these 92 vulnerabilities, three (3) are rated as critical. The release also includes fixes for three (3) publicly disclosed zero-day vulnerabilities. As of … Continue reading “Microsoft Patches 92 Vulnerabilities in March 2022 Patch Tuesday including 3 Zero-days”
Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical
Microsoft patched 126 vulnerabilities in their January 2022 Patch Tuesday release. Out of these, nine are rated as critical severity. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in their software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, … Continue reading “Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical”
Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)
Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is advising users to repair two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in Active Directory domain controllers that it addressed in November. Both flaws are categorized as “Windows Active Directory domain service privilege-escalation” flaws with a CVSS criticality score of 7.5 out of … Continue reading “Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)”
Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)
Security researchers have discovered an unpatched Windows OS security vulnerability that could allow information disclosure and local privilege escalation (LPE). The flaw (CVE-2021-24084) has yet to be officially fixed, making it an important vulnerability. However, an unofficial patch has been released as a workaround. The vulnerability affects the Windows Mobile Device Management component, and it could allow unauthorized access to the filesystem and the reading of arbitrary data. … Continue reading “Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)”
Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)
Attackers are actively exploiting a zero-day vulnerability in Windows Installer. The vulnerability was found after a Microsoft patch for another security weakness failed to adequately repair the initial and unrelated bug. A security researcher found this Windows Installer Elevation of Privilege vulnerability termed as CVE-2021-41379. The vulnerability allows threat actors with limited access to a compromised device to elevate … Continue reading “Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)”
Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws
Microsoft October 2021 patch Tuesday has arrived with the latest updates! In this month’s security update, Microsoft has fixed a total of 74 flaws including four zero-day vulnerabilities. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one as Low. This update covers the products such as Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge … Continue reading “Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws”
Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)
As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure) OMI, the app is the Linux equivalent of Microsoft’s … Continue reading “Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)”