In recent years, zero-day exploits and attacks have become prominent emerging threats. These attacks take advantage of unknown vulnerabilities within software, which makes them almost impossible to detect and prevent. Zero-day attacks can have dire consequences, allowing attackers to take control of systems, steal data, or install malware. What is a Zero-Day attack? A zero-day… Continue reading Can Zero-Day Attacks Be Prevented With Patches?
GitLab, one of the most famous code repositories in the world, faces critical security issues in the latest update. Aside from advanced functionality, the 16.0 patch brought an extremely severe vulnerability. Experts already gave it CVSS 10.0 mark – the highest possible. What is GitLab? GitLab is an open-source repository and collaborative software development platform.… Continue reading GitLab Releases Patch to Critical Vulnerability
Google Project Zero specialists presented a report according to which software vendors began to fix 0-day vulnerabilities faster. For example, last year organizations needed less time than in previous years to fix 0-day vulnerabilities discovered by experts. On average, companies took 52 days to fix bugs, while three years ago they needed an average of… Continue reading Google analysts noticed that software vendors began to fix Zero-day vulnerabilities faster
The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service Access to Work or School. The problem is present on devices running Windows 10, version 1809 (and later). The bug is related to a bypass of the information disclosure patch (CVE-2021-24084) released by Microsoft engineers in February this year. This month, cybersecurity researcher… Continue reading Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service
Microsoft has added a new feature to Exchange Server that will automatically take action to remediate high-risk vulnerabilities (most likely already exploited by hackers). This should protect Exchange servers from attacks and give administrators more time to install full-fledged patches when Microsoft releases them. The fact is that zero-day vulnerabilities in Microsoft Exchange have recently… Continue reading New feature in Exchange Server will apply fixes automatically
Microsoft has prepared an emergency patch for a critical PrintNightmare bug that was recently discovered in Windows Print Spooler (spoolsv.exe). The PrintNightmare issue caused much confusion, as Microsoft initially combined two vulnerabilities under one identifier (CVE-2021-1675). But the official patch released in June only fixed part of the problem, leaving a critical RCE bug unpatched.… Continue reading Microsoft releases unscheduled patch for PrintNightmare vulnerability
Last week I talked about a PoC exploit for the dangerous vulnerability CVE-2021-34527 in Windows Print Spooler (spoolsv.exe), which researchers named PrintNightmare, and now an unofficial patch for this problem has been published. When the exploit was published, the researchers found that the patch released in June did not completely fix the problem. Moreover, the… Continue reading Unofficial patch published for PrintNightmare vulnerability