Collaborate Disseminate
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a secu… Continue reading Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
While IT administrators are mentally preparing themselves for yet another Patch Tuesday, Microsoft has announced Windows Autopatch: a new service that aims make the second Tuesday of every month “just another Tuesday.” About Windows Autopat… Continue reading Windows Autopatch: Managed enterprise patching for Windows and Office
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server (CVE-2022-21907). Vulnerabilities of note Among the publicly known flaws are a “c… Continue reading Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file format. The attackers took a publicly available proof-of-concept Office exploit an… Continue reading Attackers bypass Microsoft patch to deliver Formbook malware
It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to deliver Emotet/Trickbot/Bazaloader malware family. Vulnerabilities of note in… Continue reading Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The Passwordless account option “Beginning today, you can now completely remov… Continue reading Microsoft announces passwordless authentication option for consumers
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office users in “a limited number of targeted attacks,” Micr… Continue reading Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Microsoft 365 is used by over a billion users worldwide, so attackers are naturally deeply invested in compromising its security. One of the ways of making sure this suite of products is as secure as possible, is a bug bounty program. During an upcomin… Continue reading Finding 365 bugs in Microsoft Office 365
More and more security professionals are realizing that it’s impossible to fully secure a Windows machine – with all its legacy components and millions of potentially vulnerable lines of code – from within the OS. With attacks becoming more… Continue reading Using virtualization to isolate risky applications and other endpoint threats
A week after the April 2020 Patch Tuesday, Microsoft has released out-of-band security updates for its Office suite, to fix a handful of vulnerabilities that attackers could exploit to achieve remote code execution. At the same time, a security update … Continue reading Update MS Office, Paint 3D to plug RCE vulnerabilities