Windows Server
October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw
On this October 2020 Patch Tuesday: Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps …
CISA orders federal agencies to implement Zerologon fix by Monday
If you had any doubts about the criticality of the Zerologon vulnerability (CVE-2020-1472) affecting Windows Server, here is a confirmation: the US Cybersecurity and …
Are your domain controllers safe from Zerologon attacks?
CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …
Windows users under attack via two new RCE zero-days
Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks …
Wormable Windows SMBv3 RCE flaw leaked, but not patched
Yesterday, when Microsoft released its regular Patch Tuesday fixes, Cisco Talos and Fortinet inadvertently(?) also published information about CVE-2020-0796, a …
BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable
Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable …
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …
Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too
Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new …
Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities
For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a …
Windows Servers in danger of being compromised via WDS bug
Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly …
PoC exploit for Windows Shell RCE released
Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited …
AMD users running Windows 10 get their Spectre fix
AMD has released new microcode updates for mitigating variant 2 of the Spectre attack and Microsoft has released an OS update with the mitigation to AMD users running Windows …
Featured news
Resources
Don't miss
- CISA: Use Signal or other secure communications app
- Another NetWalker affiliate sentenced to 20 years in prison
- Why cybersecurity is critical to energy modernization
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024
- CISA orders federal agencies to secure their Microsoft cloud environments