SMBleed – Microsoft SMB Protocol Vulnerability

A new critical vulnerability (CVE-2020-1206) affecting Microsoft Windows operation system’s Server Message Block (SMB) protocol was recently publicly disclosed. The vulnerability dubbed SMBleed, resides in SMB version 3.1.1’s decompression function, Srv2DecompressData. An unauthenticated attacker can exploit the vulnerability by sending a specially crafted message request to a targeted SMB server, and successful exploitation could allow continue reading : SMBleed – Microsoft SMB Protocol Vulnerability

Windows Adobe Type Manager Library Zero-Day Vulnerabilities

Microsoft warned about limited targeted attacks exploiting two zero-day vulnerabilities found in the Windows Adobe Type Manager Library. The two vulnerabilities are said to be remote code execution (RCE) vulnerabilities that exist in the way that Windows’ Adobe Type Manager Library handles certain fonts. The bug can be exploited by tricking the victim into opening continue reading : Windows Adobe Type Manager Library Zero-Day Vulnerabilities