Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-24473: Microsoft Excel Remote Code Execution Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Microsoft Security Response Center
#vulnerability#microsoft#Microsoft Office Excel#Security Vulnerability
CVE-2022-24765: GitHub: Uncontrolled search for the Git directory in Git for Windows

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2022-24767: GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2022-23259: Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db\_owner within their Dynamics 356 database.

The Tricky Aftermath of Source Code Leaks

Lapsus$ hackers leaked Microsoft’s Bing and Cortana source code. How bad is that, really?

TSA’s Terrorist Watch List Comes for Amtrak Passengers

Plus: Microsoft seizes Russian GRU domains, Cash App’s data breach, and Obama’s disinfo admission.

CVE-2022-26877: Manage your team’s work, projects, & tasks online • Asana

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.

CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2021-36202: Product Security Advisories

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.