As part of its October monthly software updates and security fixes, Microsoft has patched a critical-severity flaw found in Microsoft SharePoint Server that could enable remote attackers to arbitrary code execution in the context of the local administrator on affected installations of SharePoint server. Tracked as CVE-2020-16952, a remote code execution vulnerability that exists in continue reading : Microsoft’s SharePoint Vulnerability (CVE-2020-16952)
As part of its August monthly update, Microsoft has applied a temporary patch to a critical elevation of privilege flaw which can be exploited by attackers to take over Windows Servers running as domain controllers, as well as host computers in enterprise networks. Tracked as CVE-2020-1472, also dubbed as Zerologon and Netlogon Elevation of Privilege continue reading : Microsoft’s Zerologon Vulnerability (CVE-2020-1472)
A critical remote code execution tracked as CVE-2020-1147 affecting Microsoft Sharepoint servers has been patched by Microsoft. The vulnerability resides in two .NET components, namely DataSet and DataTable, used for managing data sets, and stems from the fact the software fails to check the source markup of XML file input. The vulnerability also exists in continue reading : Microsoft SharePoint Vulnerability (CVE-2020-1147)
Cybercriminals claiming to be Fancy Bear and Armada Collective have been observed to be threatening organizations from different sectors with distributed denial of service (DDoS) attacks. They are trying to extort money from the organization by demanding ransom payment in order to prevent the alleged DDoS attacks. The threat actors sent extortion emails to target continue reading : DDoS Attack Extortion Campaign Impersonates Fancy Bear and Armada Collective
Microsoft has patched over one-hundred twenty (120) vulnerabilities across thirteen (13) of its products as part of its monthly security and non-security update. Two of the addressed flaws have reportedly been exploited in the wild as a zero-day, likely as part of a targeted attack. A spoofing vulnerability tracked as CVE-2020-1464 affecting Windows Operating System continue reading : Microsoft’s Two Zero-Day Vulnerability (CVE-2020-1464 and CVE-2020-1380)