Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-36785

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVE
Open in Source
#sql#vulnerability#microsoft#rce
CVE-2023-36778

Microsoft Exchange Server Remote Code Execution Vulnerability

Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords

Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.”

Google Adopts Passkeys as Default Sign-in Method for All Users

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms. "This means the next time you sign in to your account, you'll start seeing prompts to create and use passkeys, simplifying your future sign-ins," Google's Sriram Karra and Christiaan

Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine

By Deeba Ahmed As the conflict escalates on the ground, hacktivists are gearing up for cyberwar. This is a post from HackRead.com Read the original post: Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.

CVE-2023-36416: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36565: Microsoft Office Graphics Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-36566: Microsoft Common Data Model SDK Denial of Service Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.