CySec News Microsoft has released out-of-band (OOB) Windows updates to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. Today’s OOB updates will be automatically installed via Windows Update and can also be downloaded and installed manually via […]
15
Jun
Jun
CySec News Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. “Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do […]
08
Jun
Jun
CySec News HTTP/3 (RFC 9114) is the latest revision of the HTTP protocol, taking over from 2015’s HTTP/2. HTTP/3 is designed to address some of the performance issues inherent in HTTP/2, improving the user experience, decreasing the impact of packet loss without head-of-line blocking, speeding up handshake requirements, and enabling encryption by default. The protocol […]
01
Jun
Jun
CySec News The Follina vulnerability, which came to light late last week, involved a real-world exploit that leveraged the shortcoming in a weaponized Word document to execute arbitrary PowerShell code by making use of the “ms-msdt:” URI scheme. Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite […]
18
May
May
CySec news Microsoft has reminded customers today that Windows Server, version 20H2, will be reaching the end of service (EOS) on August 9, 2022. In a support document published today, Microsoft says that Windows Server 20H2 will reach the mainstream support end date for Datacenter Core and Standard Core users. Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-20h2-reaches-end-of-service-in-august/ NVIDIA has […]
15
May
May
CySec News Today is Microsoft’s May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today’s update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges. The actively exploited zero-day vulnerability fixed […]
04
May
May
CYSEC NEWS This article demonstrates a flaw that allows attackers to bypass a Windows security mechanism which protects anti-malware products from various forms of attack. This is of particular interest because we build and maintain two anti-malware products that benefit from this protection. Reference: https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/# A new Onyx ransomware operation is destroying files larger than […]
24
Feb
Feb
CYSEC NEWS Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft’s Patch Tuesday updates for November 2021 However, in what’s a case of an insufficient patch, Naceri found that it was not only possible to bypass […]
22
Feb
Feb
FEBRUARY 15-22 CYSEC NEWS WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII. The vulnerability affects UpdraftPlus versions 1.16.7 to 1.22.2, and the developers fixed it with the release of […]
- 1
- 2