Cybersecurity
Urgent: Microsoft 365 Apps being exploited in wild via CVSS 9.8 bug
Get domain admin by... just emailing the domain admin?
Cybersecurity
Microsoft’s Valentine’s Day gift: Patches for 3 CVEs being exploited
February’s Patch Tuesday brings the post-Valentine’s Day hangover of 75 bug fixes from Microsoft including three for CVEs known to be exploited in the wild: CVE-2023-21715, CVE-2023-23376 , and CVE-2023-21823. Strikingly, more than half of the bugs fixed this month are remote code execution (RCE) vulnerabilities. (A record 26,
Cybersecurity
Gird your loins: Patch Tuesday’s back
It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are critical, one CVE-2023-21674 is being actively exploited and another gives unauthenticated remote access to your SharePoint Server – and requires not just the patch but a “SharePoint upgrade action”
Cybersecurity
2022's last Patch Tuesday brings Citrix, VMware, MSFT zero days
Critical Citrix, VMware, Microsoft vulnerabilities all need patching
Cybersecurity
Patch Tuesday: MSFT key storage bug exploited, gives SYSTEM
Six MSFT vulns being actively exploited. Get patchin'
Cloud
This Azure bug is a perfect CVSS 10, gives you control over K8s clusters
A critical vulnerability in an Azure tool that lets users manage Kubernetes clusters can be exploited remotely without authentication to gain administrative control over Kubernetes clusters, as well as Azure edge devices. The vulnerability, allocated a maximum possible CVSS (severity rating) score of 10 has been allocated CVE-2022-37968. It is
Cybersecurity
Patch Tuesday: Critical Windows TCP/IP vuln allows bad packets to gain pre-auth RCE, plus 0day
More than half the release involves RCE - time to get patching.
Cybersecurity
Windows zero day under attack was first reported in 2019
More Microsoft Windows Support Diagnostic Tool goodness...
Cybersecurity
Patch Tuesday: Exploited Windows 0day, zero-click pre-auth RCE vuln in RPC
Those 700,000 folks with RPC exposed to the internet should probably...
Cybersecurity
A million Microsoft machines exposed to a zero click, CVSS 9.8 bug
Over a million Microsoft machines appear potentially exposed to a wormable critical new vulnerability, CVE-2022-26809 in Microsoft's ubiquitous remote procedure call (RPC) runtime library. (RPC is as an inter-process communication mechanism for data exchange and functionality invocation in a different process -- a process which can be on
Cybersecurity
Fix this humdinger of an SAP bug now! It's CVSS 10 and trivial to exploit
Patch Tuesday was otherwise so relaxed...
Cybersecurity
Google sees most CVEs in 2021 -- as eyes turn to 2022's first Patch Tuesday
Some 54 software vulnerabilities including 7 critical bug patches landed daily in 2021