0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues

As part of January Patch Tuesday, Microsoft fixed a dangerous 0-day privilege escalation vulnerability for which a PoC exploit is available online. The vulnerability is already being exploited in attacks by highly skilled hacker groups. The exploit was published by Privacy Piiano founder and CEO Gil Dabah, who discovered the vulnerability two years ago. Daba…

Microsoft warned of a critical vulnerability in Cosmos DB

Microsoft has warned thousands of Azure customers of a critical Cosmos DB vulnerability. The bug allows any user to manage databases remotely and grants administrator rights without the need for authorization. The problem was discovered by the research team of the cloud security company Wiz. Experts named the vulnerability ChaosDB and reported it to Microsoft on…

Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device

Check Point researchers reported that in April of this year, IT giant Amazon eliminated critical vulnerabilities in the Amazon Kindle. The problems could be used to gain full control over the device and to steal the Amazon device token and other confidential data stored on it. For a successful attack on a Kindle, just…

Researchers found a vulnerability that affects millions of HP, Xerox and Samsung printers

In February of this year, SentinelOne experts found a 16-year-old vulnerability in the driver of HP, Xerox and Samsung printers. The problem allows attackers to gain administrator rights on systems that use vulnerable software. The vulnerability received the identifier CVE-2021-3438 and has been present in the driver code since 2005, that is, it poses a…

Exploit for dangerous PrintNightmare problem in Windows has been published online

A PoC exploit for the dangerous PrintNightmare vulnerability in Windows Print Spooler (spoolsv.exe) has been published online. This bug has ID CVE-2021-1675 and was patched by Microsoft just a couple of weeks ago, as part of June’s Patch Tuesday. Windows Print Spooler Service is a universal interface between the OS, applications, and local or network printers,…

Microsoft fixes a bug that corrupted FLAC files

Microsoft has fixed a bug in Windows 10 that changed the name, artist, or other metadata in FLAC files, thereby corrupting them. The bug affected several editions of Windows 10 (Home, Pro, Enterprise, Education, Pro Education and Pro for Workstations), as well as several versions (2004 and 20H2). The problem could arise when editing the…