#microsoft

**Why is this HackerOne CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Node.js software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.

**According to the CVSS metric, Integrity (I:L) is Low. What does that mean for this vulnerability?** An attacker's message can inherit the sender's email address from another message in the UI. The attacker cannot control which message it inherits from. This issue occurs exclusively for messages in the Junk folder, as it is the only folder where the app displays the sender's email address. The attacker cannot affect confidentiality or availability.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.

**How could an attacker exploit this vulnerability?** To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

**How could an attacker exploit this vulnerability?** To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.

**How do I get the update for Microsoft HPC Pack?** If you do not have automatic updates enabled you need to manually update your extension. See Update Network Watcher extension to the latest version for update instructions. Customers who have automatic updates enabled do not need to take any further action.

Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications.

Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more.