Microsoft’s October security update for multiple high-risk product vulnerabilities
October 12, 2023
Overview On October 11, NSFOCUS CERT monitored that Microsoft had released a security update patch for October, fixing 104 security problems, involving Microsoft WordPad, Skype for Business, Windows Layer 2 Tunneling Protocol, Microsoft Message Queuing and other widely used products, including high-risk vulnerability types such as privilege enhancement, remote code execution, etc. Among the vulnerabilities […]
Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)
March 8, 2023
Overview Recently, NSFOCUS CERT found the PoC that disclosed Microsoft Word remote execution code vulnerability (CVE-2023-21716) on the Internet. Because the RTF parser in Microsoft Word will trigger a heap corruption vulnerability when processing a font table (* fonttbl *) that contains too many fonts (* f # # # *), an attacker can exploit […]
Microsoft’s February security update for multiple high-risk product vulnerabilities
February 20, 2023
Overview On February 15, NSFOCUS CERT monitored that Microsoft had released a security update patch for February, which fixed 75 security issues, involving widely-used products such as Microsoft Exchange Server, Microsoft Word, Windows Graphics Component, Microsoft Publisher, etc., including high-risk vulnerability types such as privilege enhancement and remote code execution. Among the vulnerabilities fixed in […]
Microsoft December Security Updates for Multiple High-Risk Product Vulnerabilities
December 16, 2021
Overview On December 15th, NSFOCUS CERT monitored that Microsoft released the December security update patch, which fixed 67 security issues, involving widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft PowerShell, including privilege escalation, remote Types of high-risk vulnerabilities such as code execution. Among the vulnerabilities fixed by Microsoft’s monthly update […]
Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities
October 27, 2021
Overview According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server. This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including […]
Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert
April 29, 2020
Overview
Microsoft released April 2020 security updates on Tuesday that fix 113 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Remote Desktop Client, Visual Studio, Windows Defender, Windows Hyper-V, Windows Kernel, Windows Media, and Windows Update Stack. (more…)
Microsoft’s April Patches Fix Multiple 0-Day Vulnerabilities Exploited in the Wild Threat Alert
April 25, 2020
Overview
On April 14, 2020, local time, Microsoft released its April patches that fix 113 security issues, including three 0-day vulnerabilities that have been exploited in the wild. The three vulnerabilities exist in Windows Adobe Type Manager Library and the Windows kernel. (more…)
Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Threat Alert
March 29, 2020
Overview
On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. Instead of a security patch, Microsoft currently provides a workaround for users to mitigate this vulnerability. (more…)
Microsoft Multiple Products Critical Vulnerabilities Threat Alert
February 26, 2020
Vulnerability Description
On February 12, 2020, Microsoft released February security update that fixed 100 security issues, including critical vulnerabilities like privilege escalation and remote code execution, found in Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Office, and other widely used applications. (more…)
Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities
November 29, 2019
Overview
Among the vulnerabilities that Microsoft has updated in this month, there are 13 critical ones which exist in products like Hyper-V, VBScript, Exchange, and Scripting Engine. (more…)