#microsoft

The Storm-1575 group is known for frequently rebranding its phishing infrastructure. Recently, ANY.RUN analysts identified the deployment of…

Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until

A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said. "The ultimate goal of

**What does the security update provide to mitigate the risks associated with this vulnerability?** The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.