The New Year gets off to a busy start for Microsoft with the first security patch updates resolving over 100 vulnerabilities including six zero-days and one critical flaw identified as wormable. A wormable vulnerability can be exploited with no human intervention allowing malware to move from one computer to another across your network. This flawRead more
Blog
Customers of Microsoft Exchange Servers and some Honda motor vehicles experienced unusual errors with the turn of the year as software failed to handle the year 2022 when the date rolled over. Microsoft Exchange Server bug The FIP-FS anti-spam and anti-malware service has been enabled by default on all Exchange Servers since Exchange 2013 wasRead more
Proof of Concept code has been published showing how to exploit two vulnerabilities that would allow an attacker to obtain domain admin privilege on your Windows Domain Controllers. In the November security patch bundle, Microsoft released patches to resolve two vulnerabilities ( CVE-2021-42287 and CVE-2021-42278 ) in the Windows Active Directory Domain Services. On December 12th a proofRead more
This week Microsoft released their last monthly security patch bundle for the year, fixing six zero-day vulnerabilities – and many other companies released security updates as well. Microsoft Updates for December This month Microsoft’s security bundle includes fixes for 67 vulnerabilities with six of them classified as zero-day – which means in Microsoft’s terms: thatRead more
This week there have been several exploits published that target recently published (and patched) vulnerabilities in Microsoft Exchange Server and Windows 10/11 systems. Coming just a week after Microsoft published patches for these vulnerabilities, already proof of concept code has been made available on GitHub and threat actors have started targeting the exploits hoping toRead more
November’s security updates bring a bundle of important fixes for vulnerabilities in Windows and Android devices Microsoft Patch Tuesday Updates Microsoft’s security update this month fixes 55 security flaws with 6 of them called out as zero-day vulnerabilities. Microsoft classifies a zero-day as a vulnerability that is either under active attack in the wild orRead more
At the RSA Conference in 2004, Bill Gates predicted the death of the password. 17 years later Microsoft is finally bringing that prediction to pass with the roll out of passwordless logins for Microsoft 365 services. How does it work, and is it secure? Bill Gates said in 2004: “There is no doubt that overRead more
Microsoft has released patches for two security vulnerabilities in PowerShell which could allow a malicious script to circumvent the protection offered by Windows Defender Application Control. PowerShell is a cross-platform command-line shell used extensively in the administration of Windows and Azure servers. It is also popular with malicious users due to its power and flexibilityRead more
Microsoft’s 2021 Digital Defense Report provides a useful summary of the current and emerging threat landscape for Security Managers and CISOs. Read on for our summary of the key lessons from this year’s report. Cyber crime for Dummies We have seen increased industrialisation and commercialisation of cyber-crime over the last year. Criminal gangs areRead more
Three decades ago, Microsoft released Excel 4.0 with support for XLM macro files. A firm favourite with threat actors, XLM macros can be easily subverted to drop malware onto a victim’s computer through email campaigns that deliver malicious Office365 documents such as fake invoices and reports. Microsoft has now announced that XLM macros will beRead more
