Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

December 10, 2024 at 01:38PM Several Microsoft vulnerabilities were reported, affecting various components such as Microsoft Defender, Edge, Office, SharePoint, and Windows services. Severity levels range from moderate to critical, with numerous remote code execution and elevation of privilege vulnerabilities listed, posing significant security risks to users and systems. …

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

September 3, 2024 at 12:54AM Eight vulnerabilities found in Microsoft applications for macOS could allow an adversary to gain elevated privileges or access sensitive data. By exploiting the Transparency, Consent, and Control (TCC) framework, an attacker could leverage affected applications, circumventing user consent. The vulnerabilities impact apps like Outlook, Teams, Word, and Excel. Measures like …

Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities 

August 20, 2024 at 08:24AM Cisco discovered vulnerabilities in multiple Microsoft applications for macOS, including Outlook, Teams, PowerPoint, OneNote, Excel, and Word. Attackers could exploit these flaws to bypass system permissions, allowing unauthorized activities such as sending emails, recording audio or video, and accessing sensitive information. Microsoft acknowledges the bugs but considers them low risk, …

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

August 19, 2024 at 03:07PM Eight vulnerabilities in Microsoft’s macOS apps pose security risks by allowing unauthorized access to sensitive data, recording video and sound, and escalating privileges. Microsoft has been reluctant to address the issues, deeming them low risk and insisting that certain applications require the ability to load unsigned libraries. Apple’s security measures …

Microsoft fixes Windows Server bug causing crashes, NTLM auth failures

May 14, 2024 at 03:15PM Microsoft has resolved an issue causing NTLM authentication failures and domain controller reboots after April’s Windows Server security updates. The problem affects domain controllers with high NTLM traffic and few primary DCs. The fix is included in the May 2024 cumulative updates. Admins unable to install the latest updates can …

In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO

April 26, 2024 at 08:25AM SecurityWeek’s cybersecurity news roundup provides concise coverage of significant stories. This week, notable developments include a Chinese government-linked hack of Volkswagen, German police shutting down a DDoS attack service, and the NSA’s updates to the Commercial National Security Algorithm Suite. Other stories cover critical findings in Microsoft products, cybersecurity executive …