The September Patch Tuesday security bundle from Microsoft fixes 60 vulnerabilities including some rated as Critical and a zero-day vulnerability under active attack affecting Microsoft Office. Microsoft Security updates for September Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) was publicised in early September when Microsoft warned Office 365 customers about the vulnerability. The flaw wasRead more
Blog
A zero-day Remote Code Execution attack targeting Office 365 and Office 2019 users has prompted Microsoft to issue a security advisory with a workaround to protect your network until a patch is available. According to the security advisory released by Microsoft: Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affectsRead more
Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception. Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business EmailRead more
Details have emerged of (another) Exchange Server vulnerability, called ProxyToken, which allows an attacker to reconfigure an Exchange server remotely without needing to know any passwords. Reported by the Zero Day Initiative the vulnerability affects Exchange server versions 2013 through 2019: With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging toRead more
ProxyShell can be exploited to achieve a Remote Code Execution without needing to know any usernames or passwords for the targeted Exchange Server – security vulnerabilities do not come any worse than this. ProxyShell is easier to exploit than the ProxyLogon attacks that hit the headlines earlier this year, prompting CISA to issue their first everRead more
Cyber-criminals have been exploiting the Windows PrintNightmare vulnerability to attack networks around the world. PrintNightmare is the name given to a collection of vulnerabilities in the Windows Print Spooler. According to reports from Talos and CrowdStrike, several threat actors have now incorporated the PrintNightmare vulnerabilities into attacks on their victims networks. The PrintNightmare vulnerabilities wereRead more
A flaw in all versions of Windows 10 and Server 2019 released since November 2018 leaves the Security Account Manager file which contains all the hashed credentials for the PC, open for any user to read. Microsoft has issued a security advisory to track their investigations, but no permanent solution has been released – althoughRead more
Microsoft has moved swiftly to publish mitigation advice for a new NTLM relay attack against Windows Domain controllers, dubbed PetitPotam. An NTLM relay attack can occur when an attacker inserts themselves between a valid client-server authentication request in a Windows Domain or tricks one system into trying to authenticate itself and so providing a copyRead more
Since the start of June there has been a confusing number of security vulnerabilities reported in the Windows Print Spooler. Let me explain what is going on. CVE-2021-1675 This is the vulnerability that caused some initial confusion – a Remote Code Execution vulnerability in the Windows Print Spooler. This is not the vulnerability known asRead more
July is another bumper month for Microsoft as they ship fixes for 117 security vulnerabilities, 13 of them rated as critical and at least 4 are currently under active attack by cyber criminals. The actively exploited vulnerabilities patched this month are: CVE-2021-34527 – Windows Print Spooler RCE Vulnerability – aka PrintNightmare It’s third time luckyRead more
