October 12, 2023 at 01:36PM Microsoft has introduced a new AI bounty program for the AI-driven Bing experience, offering rewards up to $15,000. The program covers vulnerabilities found in AI-powered Bing experiences across various services and products, including bing.com, Microsoft Edge, Microsoft Start Application, and Skype Mobile Application. Qualified submissions are eligible for bounty rewards … Read more
October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more
October 11, 2023 at 06:42AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for … Read more
October 11, 2023 at 03:12AM Microsoft has released its October 2023 Patch Tuesday updates, addressing 103 flaws, two of which are actively being exploited. Among the vulnerabilities are information disclosure in Microsoft WordPad and privilege escalation in Skype for Business. Microsoft also fixed flaws in Microsoft Message Queuing and Layer 2 Tunneling Protocol. Additionally, Microsoft … Read more
October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information … Read more
October 10, 2023 at 02:36PM Microsoft released a large batch of software and OS updates to address over 100 vulnerabilities across Windows systems. They warned that three of these vulnerabilities are already being exploited. The updates also targeted a zero-day vulnerability in HTTP/2 Rapid Reset that exposed the internet to DDoS attacks. Two other zero-day … Read more
October 10, 2023 at 06:06PM Microsoft’s October Patch Tuesday update addressed two zero-day vulnerabilities that were actively being attacked, affecting Microsoft WordPad and Skype for Business. A critical-rated bug in Message Queuing was also patched. The update included a total of 103 CVEs, with 13 critical-rated vulnerabilities and 20% of the fixes related to Microsoft … Read more
October 10, 2023 at 04:07PM Microsoft has released a new security update (CVE-2023-36434) to address a critical vulnerability in Microsoft Exchange Server (CVE-2023-21709). The update eliminates the need for additional steps and manual removal of a vulnerable Windows IIS Token Cache module. Admins who have already removed the module must install the new security update … Read more