Microsoft said that attackers could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology and gain access to protected user data. Back in the summer of 2021, a research group informed Apple developers about a vulnerability dubbed powerdir (CVE-2021-30970). The bug is related to the TCC technology, which is designed to block… Continue reading Vulnerability in macOS Leads to Data Leakage
Tag: Microsoft
Experts are already fixing attacks on the Log4Shell vulnerability
Security researchers are already scanning the network looking for products affected by a dangerous bug in the Log4j library and are fixing the results of cybercriminals’ attacks on a Log4Shell vulnerability. The vulnerability is already being exploited to deploy miners, Cobalt Strike beacons, etc. An issue in the popular Log4j logging library included in the… Continue reading Experts are already fixing attacks on the Log4Shell vulnerability
Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service
Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service Access to Work or School. The problem is present on devices running Windows 10, version 1809 (and later). The bug is related to a bypass of the information disclosure patch (CVE-2021-24084) released by Microsoft engineers in February this year. This month, cybersecurity researcher… Continue reading Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service
Microsoft warns of dangerous vulnerability in Surface Pro 3 devices
Microsoft engineers have published a security bulletin on a new vulnerability affecting Surface Pro 3 tablets. The bug could be used by an attacker to inject malicious devices into corporate networks and bypass the Device Health Attestation. Other Surface devices, including Surface Pro 4 and Surface Book, are not considered affected by this issue. Although… Continue reading Microsoft warns of dangerous vulnerability in Surface Pro 3 devices
Microsoft fixes 81 bugs, including vulnerability under attacks
Microsoft has released updates for its products: in total, this month the company fixed 74 bugs (81 if to include vulnerabilities in Microsoft Edge), three of which are classified as critical, four have the status of zero-day vulnerabilities, and one problem has already been adopted by hackers. Of the four 0-day vulnerabilities under attack, there… Continue reading Microsoft fixes 81 bugs, including vulnerability under attacks
New feature in Exchange Server will apply fixes automatically
Microsoft has added a new feature to Exchange Server that will automatically take action to remediate high-risk vulnerabilities (most likely already exploited by hackers). This should protect Exchange servers from attacks and give administrators more time to install full-fledged patches when Microsoft releases them. The fact is that zero-day vulnerabilities in Microsoft Exchange have recently… Continue reading New feature in Exchange Server will apply fixes automatically
ProxyToken Vulnerability Allows Stealing Mail Through Microsoft Exchange
A dangerous vulnerability called ProxyToken has been discovered in Microsoft Exchange. An attacker can exploit this problem by making requests to the Exchange Control Panel (ECP) web services and stealing messages from the victim’s mailbox. Initially, the problem was discovered by a VNPT ISC specialist, who reported it to Trend Micro Zero-Day Initiative (ZDI) experts… Continue reading ProxyToken Vulnerability Allows Stealing Mail Through Microsoft Exchange
Microsoft warned of a critical vulnerability in Cosmos DB
Microsoft has warned thousands of Azure customers of a critical Cosmos DB vulnerability. The bug allows any user remote database management, and grants administrator rights without the need for authorization. The problem was discovered by the research team of the cloud security company Wiz. Experts named the vulnerability ChaosDB and reported it to Microsoft on… Continue reading Microsoft warned of a critical vulnerability in Cosmos DB
Microsoft Warns of New Print Spooler Vulnerability
Microsoft has released a notice of a new vulnerability in Print Spooler (CVE-2021-36958) that allows local attackers to gain system privileges on a computer. The new vulnerability is related to other PrintNightmare bugs that exploit the configuration settings for Print Spooler, print drivers, anфd Windows Point and Print. Microsoft previously released patches for PrintNightmare in… Continue reading Microsoft Warns of New Print Spooler Vulnerability
Microsoft releases patches for 44 vulnerabilities, including three 0-days
As part of Patch Tuesday this week, Microsoft released patches for 44 vulnerabilities (51 including bugs in Microsoft Edge), seven of which were classified as critical, three were 0-day, and one was already under attack. Patches released this month: .NET Core and Visual Studio, ASP.NET Core and Visual Studio, Azure, Windows Update, Windows Print Spooler… Continue reading Microsoft releases patches for 44 vulnerabilities, including three 0-days