#windows

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang, Yuki Chen, and Dang The Tuyen! Check out the full list of researchers … Congratulations to the Top MSRC 2022 Q3 Security Researchers! Read More »

pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing.

Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Backdoor.Win32.Psychward.10 malware suffers from an unauthenticated remote command execution vulnerability.

By Waqas Fact: Medical devices are often designed with convenience and functionality in mind, rather than security. This is a post from HackRead.com Read the original post: Why IoT Security in Healthcare is Crucial

Categories: News Tags: week in security Tags: awis Tags: typosquatting Tags: cyberstalking Tags: Snapchat Tags: student loan relief scam Tags: Gas Tags: LAPSUS$ Tags: Microsoft Tags: Ducktail Tags: Venus Tags: ransomware Tags: BYOD Tags: SMB security tips Tags: Log4Text Tags: DeadBolt Tags: spot a scam Tags: FaceStealer Tags: fake tractor fraud Tags: ThermoSecure The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (October 17 - 23) appeared first on Malwarebytes Labs.

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang , Yuki Chen , and Dang The Tuyen! Check out the full list of researchers recognized this quarter here.

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET Core 3.1 where a malicious client can cause a Denial of Service via excess memory allocations through HttpClient. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.24 or earlier. ### Patches * If you're using .NET Core 6.0, you should download and install Runtime 6.0.5 or SDK 6.0.105 (for Visual Studio 2022 v17.0) or SDK 6.0.203 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET 5.0, you should download and install Runtime 5.0.17 or SDK 5.0.214 (for Visual Studio 2019 v1...

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests. ### Affected Software * Any .NET 6.0 application running on .NET 6.0.2 or lower * Any .NET 5.0 application running on .NET 5.0.14 or lower * Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower ### Patches To fix the issue, please install the latest version of .NET 6.0 or .NET 5.0 or .NET Core 3.1.. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs. * If you're using .NET Core 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.201 (for Vi...

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Denial of Service vulnerability exists in .NET 6.0 and .NET 5.0 when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. ### Affected Software * Any .NET 6.0 application running on .NET 6.0.1 or lower. * Any .NET 5.0 application running on .NET 5.0.13 or lower. ### Patches To fix the issue, please install the latest version of .NET 6.0 or .NET 5.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs. * If you're using .NET Core 6.0, you should download and install Runtime 6.0.2 or SDK 6.0.102 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET 5.0, you should...