Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-1531: Chromium: CVE-2023-1531 Use after free in ANGLE

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#web#google#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2023-28286: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-28261: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.

MITRE Rolls Out Supply Chain Security Prototype

Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.

Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023. The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps. "The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy

CVE-2023-28759: Security Advisory Impacting NetBackup Windows OS Clients

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.

CVE-2023-23192: Protect Active Directory Identities with 2FA and SSO | UserLock

IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task.

Bug in Google Markup, Windows Photo-Cropping Tools Exposes Removed Image Data

Image-editing tools from Google and Microsoft contain the “aCropalypse” bug, which can reveal information users intentionally removed.

CVE-2023-27054: Multiple Cross-Site Scripting (XSS) · Issue #139 · miroslavpejic85/mirotalk

A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.