Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-36417

Microsoft SQL ODBC Driver Remote Code Execution Vulnerability

CVE
Open in Source
#sql#vulnerability#microsoft#rce
CVE-2023-36433

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVE-2020-27630: Forescout – Manage cyber risk and mitigate threats, continuously.

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.

Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords

Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.”

Google Adopts Passkeys as Default Sign-in Method for All Users

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins," Google's Sriram Karra and Christiaan

Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine

By Deeba Ahmed As the conflict escalates on the ground, hacktivists are gearing up for cyberwar. This is a post from HackRead.com Read the original post: Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.

CVE-2023-36565: Microsoft Office Graphics Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-36566: Microsoft Common Data Model SDK Denial of Service Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2023-36778: Microsoft Exchange Server Remote Code Execution Vulnerability

**What can cause this vulnerability?** The vulnerability occurs due to improper validation of cmdlet arguments. **Does the attacker need to be in an authenticated role in the Exchange Server?** Yes, the attacker must be authenticated.