Categories: Business Tags: microsoft Tags: zero-day Tags: exploit Tags: CVE-2023-36884 Tags: storm-0978 Tags: email Tags: phish Tags: phishing Tags: Ukraine We take a look at reports of an exploit being deployed via booby trapped Word documents. |
The post Zero-day deploys remote code execution vulnerability via Word documents appeared first on Malwarebytes Labs.
Read more
Credit to Author: Paul Ducklin| Date: Thu, 13 Jul 2023 16:48:00 +0000
Latest episode – listen now! (Full transcript inside.)
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Apple Tags: Android Tags: Cisco Tags: Fortinet Tags: MOVEit Tags: Mozilla Tags: SAP Tags: VMware Tags: CVE-2023-32049 Tags: CVE-2023-35311 Tags: CVE-2023-32046 Tags: CVE-2023-36874 Tags: CVE-2023-36844 For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities, four of which are known to have been actively exploited. |
The post Update now! Microsoft patches a whopping 130 vulnerabilities appeared first on Malwarebytes Labs.
Read more
Credit to Author: Paul Ducklin| Date: Wed, 12 Jul 2023 18:57:00 +0000
Here’s a brief reminder to do two things. The first is to patch. The second is to read up why it’s a good idea to patch…
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: OAuth Tags: nOAuth Tags: IdP Tags: Azure Tags: Microsoft Tags: login with Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust. |
The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.
Read more
I’ve tracked Microsoft’s Windows patches for years and closely watched all of the changes the company has made. I remember when you had to install updates in a certain order — and watch for which one had to be installed first. I remember the arrival of automated patching using Software Update Services (later called Windows Server Update Services). I’ve seen how we went from a system where each vulnerability was patched individually to what we now have: cumulative patching.
The ideal patch is self-contained. Install, reboot, get back to your work. It causes no side effects. It protects the operating system. And you forget about it because it does what it’s supposed to do.
Microsoft has confirmed that recent outages to its popular services, including Outlook, Teams, OneDrive, and cloud computing platform Azure, were caused by a DDoS attack by a threat actor that the company tracks as Storm-1359.
Also known as Anonymous Sudan, Storm-1359 was first detected in January, targeting organizations and government agencies with DDoS attacks and efforts to exfiltrate data. The threat actor was initially assumed to be a “hacktivist” group protesting a controversial outfit at the Melbourne Fashion Week but has since been linked to the Russian state, according to several media reports.
Microsoft released 73 updates to its Windows, Office, and Visual Studio platforms on Patch Tuesday, with many of them dealing with core, but not urgent, security vulnerabilities. That’s a welcome respite from the previous six months of urgent zero-days and public disclosures. With that in mind, the Readiness testing team suggests a focus on printing and backup/recovery processes to make sure they’re not affected by this update cycle.
For the first time, we see a (non-Adobe) third-party vendor added to a Patch Tuesday release, with three minor plugin updates to Visual Studio for AutoDesk. Expect to see more such vendors added to Microsoft’s updates in the near future. The team at Readiness has created a useful infographic that outlines the risks associated with each of the updates.
Credit to Author: Paul Ducklin| Date: Thu, 15 Jun 2023 16:43:49 +0000
Latest episode – listen now! (Full transcript inside.)
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: CVE-2023-29357 Tags: CVE-2023-29363 Tags: CVE-2023-32014 Tags: CVE-2023-32015 Tags: CVE-2023-32013 Tags: CVE-2023-24897 Tags: CVE-2023-32031 Tags: SharePoint Tags: PGM Tags: Exchange Tags: Hyper-V Patch Tuesday of June 2023 is relatively relaxed. No actively exploited zero-days and only six critical vulnerabilities. |
The post Microsoft fixes six critical vulnerabilities in June Patch Tuesday appeared first on Malwarebytes Labs.
Read more