The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day … More Microsoft issues patch for Internet Explorer zero‑day
The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store. Ever since it was discovered six months ago, the BlueKeep vulnerability has had (not only) the cybersecurity community concerned about impending WannaCryptor-style attacks. Earlier in November, Microsoft together with security researchers Kevin Beaumont and Marcus Hutchins shed light on … More First BlueKeep attacks prompt fresh warnings
There is no word on which threat actor is abusing the severe vulnerability for attacks. Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors. The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is … More Microsoft rushes out patch for Internet Explorer zero‑day
File-less malware attacks leave little trace, which makes them all the more threatening. A file-less malware attack doesn’t even need to install software on a victim’s machine and is instead based on an attacker taking control of something already installed on your computer. A file-less malware attack often latches onto a built-in component of Windows … More What exactly is a file-less malware attack and how could it affect your business?
Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10. Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by … More Microsoft warns of new BlueKeep‑like flaws
Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations … More BlueKeep patching isn’t progressing fast enough
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once … More Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks