MS Office
![zero day](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/10142903/zero_day-1-1500-400x200.webp)
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)
CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for …
![Patch Tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2023/02/14201322/patch_tuesday-400x200.jpg)
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being …
![patch Tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2022/11/08204602/patch-tuesday-2022-400x200.jpg)
Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the …
![patch tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12093110/patch-tuesday-hands1-400x200.jpg)
August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ
August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for …
![patch tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12093110/patch-tuesday-hands1-400x200.jpg)
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an …
![Patch Tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2023/02/14201322/patch_tuesday-400x200.jpg)
Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 76 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, …
![OneNote](https://img.helpnetsecurity.com/wp-content/uploads/2023/03/10154054/onenote_hands-400x200.jpg)
Microsoft to boost protection against malicious OneNote documents
Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known …
![Microsoft Word](https://img.helpnetsecurity.com/wp-content/uploads/2023/03/06112502/microsoft-word_hns-400x200.jpg)
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly …
![fire](https://img.helpnetsecurity.com/wp-content/uploads/2017/07/09103749/fire-400x200.jpg)
Office exploits continue to spread more than any other category of malware
The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an …
![Office 365](https://img.helpnetsecurity.com/wp-content/uploads/2019/10/09092801/office365-400x200.jpg)
Escanor malware delivered in weaponized Microsoft Office documents
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram …
![biohazard](https://img.helpnetsecurity.com/wp-content/uploads/2018/09/09100312/biohazard-400x200.jpg)
87% of the ransomware found on the dark web has been delivered via malicious macros
Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. Conducted in partnership with criminal intelligence provider Forensic …
![Microsoft](https://img.helpnetsecurity.com/wp-content/uploads/2022/06/03180720/microsoft-broken-400x200.jpg)
Microsoft adds default protection against RDP brute-force attacks
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at …
Featured news
Sponsored
Don't miss
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
- Risk related to non-human identities: Believe the hype, reject the FUD
- Realm: Open-source adversary emulation framework
- Discover the growing threats to data security
- Encrypted traffic: A double-edged sword for network defenders