An expert discovered that over 250 million Microsoft customer support records might have been exposed along with some personally identifiable information. The popular researcher Bob Diachenko found an unprotected database containing over 250 million customer support records along with some personally identifiable information. The unprotected archive was containing support requests submitted to the tech giant […]
Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability (CVE-2020-0674) that is currently being exploited in the wild. Microsoft has published a security advisory (ADV200001) that includes mitigations for a zero-day remote code execution (RCE) vulnerability, tracked as CVE-2020-0674, affecting Internet Explorer. The tech giant confirmed that the CVE-2020-0674 zero-day […]
Researchers published proof-of-concept (PoC) code exploits for a recently-patched CVE-2020-0601 flaw in the Windows operating system reported by NSA. Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). Microsoft Patch Tuesday updates for January 2020 address a […]
Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions. […]
Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. The hackers target Microsoft users impersonating the company, according to a lawsuit unsealed Dec. 27 in […]
Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 flaws, including CVE-2019-1458 Windows zero-day exploited in North Korea-linked attacks Microsoft’s December 2019 Patch Tuesday updates address a total of 36 flaws, including a Windows zero-day, tracked as CVE-2019-1458 exploited in attacks linked to North Korea. The vulnerability could be exploited to execute arbitrary […]
A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365 […]
Microsoft October 2019 Patch Tuesday addressed a total of 59 vulnerabilities. 9 of which are rated as critical and 49 as important. The tech giant released its October 2019 Patch Tuesday security updates to address a total of 59 vulnerabilities in Windows operating systems and other software, 9 of which are rated as ‘critical’, 49 are […]
Patches for Internet Explorer Zero-Day Causing Problems for Many Users Microsoft released a new set of patches for a zero-day flaw in Internet Explorer recently fixed due to problems reported by users with the previous patch. On September 23, Microsoft released an out-of-band patch to address a zero-day memory corruption flaw in Internet Explorer (CVE-2019-1367) that […]
Microsoft announced last week it is going to expand the list of file extensions that are blocked in Outlook on the web. Microsoft announced that it will immediately block other file extensions for its Outlook web users, it will impossible for them to download this type of attachments. Microsoft pointed out that the newly blocked […]