August 10, 2024 at 01:45AM Microsoft has disclosed an unpatched zero-day in Office (CVE-2024-38200) that could lead to unauthorized disclosure of sensitive information to malicious actors. A patch is expected on August 13, with an alternative fix already enabled. Three mitigation strategies have been outlined. Microsoft is also working on addressing other zero-day flaws in … Read more
June 11, 2024 at 01:37PM The following are important security vulnerabilities related to Microsoft products such as Azure, Dynamics, Microsoft Edge, Windows, and Office, with some marked as critical. These include elevation of privilege, remote code execution, and information disclosure vulnerabilities. It is crucial to address these issues promptly to ensure system security. Based on … Read more
April 27, 2024 at 08:54AM Cybersecurity researchers have detected a targeted cyber attack on Ukraine utilizing a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. The attack involves exploiting a PowerPoint file to execute remote code, leading to the injection of a malicious payload. The attack’s exact purpose and the responsible threat actor remain … Read more
April 18, 2024 at 12:55PM Microsoft Office LTSC 2024, a volume-licensed and perpetual version for commercial users, is available for Windows and macOS. Designed for devices unable to update frequently and with no internet access, it will have fewer features than Microsoft 365 Apps, with enhancements in performance, security, and accessibility. The preview program includes … Read more
November 28, 2023 at 05:36AM Researchers have discovered a cyber attack technique called “forced authentication” that can leak a Windows user’s NT LAN Manager (NTLM) tokens. The attack exploits a feature in Microsoft Access that allows users to link to external data sources, and it can be launched by tricking a victim into opening a … Read more
November 1, 2023 at 10:49AM Cybercriminals are increasingly using macro-enabled Excel add-in (XLL) files in malware attacks, according to HP Wolf Security. XLL files are now the seventh most commonly abused file extension, offering attackers greater capabilities than other options. Attackers have been experimenting with different file types since Visual Basic for Applications (VBA) macros … Read more