Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products

December 11, 2025

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

Microsoft’s November Security Update of High-Risk Vulnerability Notice for Multiple Products

November 14, 2025

Overview On November 12, NSFOCUS CERT detected that Microsoft released the November Security Update patch, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, and Microsoft Visual Studio, including privilege escalation, high-risk vulnerability types such as remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly […]

Microsoft’s August Security Update High-Risk Vulnerability Notice for Multiple Products

August 14, 2025

Overview On August 13, NSFOCUS CERT detected that Microsoft released the August Security Update patch, which fixed 111 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Visual Studio, and Microsoft Exchange Server. These include high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]

Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products

June 12, 2025

Overview On June 11, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 67 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft Visual Studio, including high-risk vulnerability types such as privilege escalation and remote code execution. Of the vulnerabilities fixed in Microsoft’s monthly update this […]

Microsoft Released September Patches to Fix 81 Security Vulnerabilities Threat Alert

September 27, 2019

Overview

Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows Kernel, and Windows RDP. (more…)

Microsoft Security Bulletin for February 2019 Patches That Fix 79 Security Vulnerabilities

February 21, 2019

Overview

Microsoft released the January 2019 security patch on Tuesday that fixes 79 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Servicing Stack Updates, Team Foundation Server, Visual Studio, Windows DHCP Server, Windows Hyper-V, Windows Kernel, and Windows SMB Server. (more…)

Microsoft Exchange Server Arbitrary User Impersonation Vulnerability Handling Guide

January 10, 2019

1 Vulnerability Overview

Recently, a security researcher released details of an arbitrary user impersonation vulnerability (CVE-2018-8581) in Microsoft Exchange Server (also known as Exchange Web Server, EWS for short), revealing that an authenticated attacker could exploit this vulnerability to impersonate arbitrary accounts or even gain privileges of the target user. Currently, the vulnerability’s proof of concept (PoC) has been made publicly available. However, Microsoft has not released any security patches to address it, but provided a workaround in its official security advisory. Users of this software are advised to take precautions as soon as possible. (more…)

Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

December 29, 2018

Overview

Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Visual Studio,Windows Authentication Methods, Windows Azure Pack, Windows Kernel, and Windows Kernel-Mode Drivers.

(more…)

Search

Subscribe to the NSFOCUS Blog