Microsoft Windows security update for January 2022 addresses 126 Vulnerabilities with 9 rated as Critical

Microsoft patched 126 vulnerabilities in their January 2022 Patch Tuesday release. Out of these, nine are rated as critical severity. As of this writing, none of the 126 vulnerabilities are known to be actively exploited. Microsoft has fixed problems in their software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, …

Microsoft Active Directory Domain Services (AD DS) Privilege Escalation Vulnerability (CVE-2021-42278 & CVE-2021-42287)

Following the release of a proof-of-concept (PoC) tool on December 12, Microsoft is advising users to patch two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278) in Active Directory domain controllers that it addressed in November. Both flaws are categorized as “Windows Active Directory domain service privilege-escalation” flaws with a CVSS criticality score of 7.5 out of …

Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)

Security researchers have discovered an unpatched Windows OS security vulnerability that could allow information disclosure and local privilege escalation (LPE). The flaw (CVE-2021-24084) has yet to be officially fixed, making it an important vulnerability. However, an unofficial patch has been released as a workaround. The vulnerability affects the Windows Mobile Device Management component, and it could allow unauthorized access to the filesystem and the reading of arbitrary data. …

Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)

Attackers are actively exploiting a zero-day vulnerability in Windows Installer. The vulnerability was found after a Microsoft patch for another security weakness failed to adequately repair the initial and unrelated bug. A security researcher found this Windows Installer Elevation of Privilege vulnerability, tracked as CVE-2021-41379. The vulnerability allows threat actors with limited access to a compromised device to elevate …

Microsoft Windows security update for October 2021 addresses four zero-days and 71 flaws

Microsoft's October 2021 Patch Tuesday has arrived with the latest updates! In this month’s security update, Microsoft has fixed a total of 74 flaws including four zero-day vulnerabilities. Out of these 74 vulnerabilities, three are classified as Critical, 70 as Important, and one as Low. This update covers products such as Microsoft Office, Exchange Server, MSHTML, Visual Studio, and the Edge …

Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)

As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure): OMI, the app, is the Linux equivalent of Microsoft’s …

Microsoft Windows MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office, Microsoft warned on Tuesday. Tricking victims into running malicious executables remains a popular method for getting a foothold in organizations. Numerous attempts to exploit MSHTML to compromise Microsoft Windows have …

Microsoft Windows Privilege Escalation Vulnerability (CVE-2021-1732)

On the second Patch Tuesday of 2021, Microsoft published advisories to address 56 new security vulnerabilities. Of these, nine were rated as critical and one is actively exploited in the wild. Elevation of Privileges in Windows Kernel (CVE-2021-1732): This bug is in the Windows Win32k operating system kernel. It allows a logged-in user to execute …

Privilege Escalation in Microsoft Windows (Zero-Day)

In June, Microsoft released a patch for a vulnerability in the Windows kernel (CVE-2020-0986). However, attackers could still exploit this vulnerability using a different methodology (CVE-2020-17008). CVE-2020-0986 – Old Vulnerability: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. This flaw was …

GRUB2 Boothole Buffer Overflow Vulnerability (CVE-2020-10713)

On 29th July 2020, a team of security researchers disclosed a high-priority bug in GRUB2 (GRand Unified Bootloader version 2), affecting billions of Linux and Windows systems using Secure Boot. CVE-2020-10713 is assigned to this buffer overflow vulnerability, termed “Boothole”. “Boothole”: Secure Boot is designed to verify all the firmware of the computer …