Google’s Project Zero has disclosed the details of a Windows 0-day vulnerability under active attack which affects all versions from Windows 7 through to Windows 10. No patch is yet available from Microsoft but one is expected in the November 2020 patch Tuesday updates. Last week we published details of a Chrome Browser 0-day vulnerability […]
Windows 0-day vulnerability disclosed Read More »
Microsoft has patched a Remote Code Execution vulnerability in Visual Studio which could be exploited by creating a code repository – such as for a popular open source tool – and convincing a developer to clone and open it. The vulnerability (CVE-2020-17023) exists in the handling of the ‘package.json’ file and can be exploited to
Visual Studio RCE Vulnerability Patched Read More »
October’s security patch bundle from Microsoft resolves 87 vulnerabilities, 12 rated as critical. One of these is a flaw in the Windows TCP/IP stack which can result in a server crash or remote code execution simply by sending a specially crafted ICMPv6 request. While it is technically challenging to achieve a remote code execution, the
October Patch Tuesday includes critical Windows TCP/IP vulnerability Read More »
Whenever a new Windows device is booted from an image, there is a period of time when the machine is live and on the network, but it is missing operating system security patches and Microsoft Defender updates. This new-born system is at its most vulnerable until the missing patches and updates have been applied. If
Microsoft Defender now updates OS image files Read More »
After 4 months beta-testing, GitHub has rolled out a new source code scanning service that will find security vulnerabilities in your home-grown software or open source tools. During the testing over 20,000 security vulnerabilities were discovered across 12,000 different projects including Remote Code Execution, SQL Injection and Cross Site-Scripting (XSS) flaws. GitHub is a Microsoft
GitHub can now find security vulnerabilities in your code Read More »
A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched. If you have not applied the August patch bundle to your domain controllers stop reading and go do it now. Really
Critical Domain Controller Flaw Requires Urgent Patching Read More »
The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending a specially crafted email to the server. A large patch bundle is a double edged sword – it’s reassuring that the
September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities Read More »
A new vector for pass-the-hash attacks has been discovered targeting Windows 10 personalisation themes. A security researcher has published details of a potential issue with the design of Windows 10 themes that can be exploited to harvest Windows and Microsoft Account login credentials. A Windows 10 theme is a collection of customisation settings for Windows
Pass-the-hash attack discovered in Windows Themes Read More »
Microsoft Application Guard helps protect against malware in Office documents by opening each document in its own segregated virtual machine. Microsoft says in the release notes: Application Guard is a virtualization-based sandbox that’s used to isolate untrusted documents you may encounter. It brings the same technology that powers Azure to your desktop. Untrusted documents are
Microsoft Launches Application Guard preview Read More »
Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever released by Microsoft. Of particular interest are 17 critical updates and two zero-day exploits which are being actively attacked. IE 11
Microsoft Patches two zero-day Exploits Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.