Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2021-42299: Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

*Which Surface devices are affected by this vulnerability?* The Surface Pro 3. *Are any other devices vulnerable?* Microsoft has confirmed that the Surface Pro 3 is vulnerable. However, it is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable. The Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. *What can an attacker do with this vulnerability?* Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. *How do I protect myself?* This technique requires physical access to a target victim’s device, or an attacker would already have had to compromise a legitimate user's credentials. We encourage custom...

Microsoft Security Response Center
Open in Source
#Microsoft Devices#Security Vulnerability#vulnerability#ios#mac#windows#microsoft#git
CVE-2021-40487: Microsoft SharePoint Server Remote Code Execution Vulnerability

*What is the attack vector for this vulnerability?* In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the SharePoint Server.

CVE-2021-40482: Microsoft SharePoint Server Information Disclosure Vulnerability

*What kind of information can be disclosed?* An attacker can gain access to an organizational's email, sites, filename, url of file...