Microsoft has recently issued a security advisory following the discovery of an NTLM relay attack vector against on-premises Exchange servers. An attacker who is able to intercept the NTLM authentication in an NTLM relay attack, is able to discover the Exchange Server’s credentials and potentially elevate their privileges to a Domain Administrator. This would allow […]
Microsoft warns Exchange vulnerable to NTLM relay attacks Read More »
Security updates and patches can literally be thing of nightmares for many Systems Administrators. To patch or not to patch – that is always the question. From a security perspective, security patches should always be applied to increase the organisation’s resilience to hackers and malware, but with many organisations lacking IT resources and having ever-decreasing
Security Patching – The Stuff of Sys Admin Nightmares Read More »
Microsoft’s December 2018 patch Tuesday release includes fixes for several critical vulnerabilities including one in PowerPoint which affects all versions since PowerPoint 2010. The PowerPoint bug (CVE-2018-8628) would allow an attacker to create a specially-crafted file, which when opened by PowerPoint, would enable the attacker to run arbitrary code as the logged-in user. According to
Death by PowerPoint and other vulnerabilities Read More »
A recent vulnerability in Sennheiser’s headphone management utility illustrates the risk of unexpected additions to the Microsoft windows certificate store. During installation, the Sennheiser software installed a self-signed root certificate into the computer’s trusted root CA certificate store. A copy of the certificates’ private key was also copied into application’s installation directory. Security research firm
Sennheiser headphone bug highlights certificate vulnerability Read More »
This week, we saw a new vulnerability surface which affects users of all currently supported Microsoft Office applications. Security researchers at Qihoo 360 Core Security first detected the vulnerability being exploited ‘in-the-wild’ on 28th September, 2017. In a blog post on 10th October, 2017, a representative for Qihoo wrote “The attack only targeted limited customers. The
Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826) Read More »
In this week’s Patch Tuesday update (dated 10th October, 2017), Microsoft have released patch for a vulnerability which affects multiple versions of the Windows operating system and could allow an attacker to execute arbitrary code through specially-crafted DNS responses. The CVE-2017-11779 vulnerability was discovered by Nick Freeman (a security researcher at BishopFox), who identified the
Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779) Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.