October 15, 2019
On September 23, local time, Microsoft released cumulative security updates for the Internet Explorer (IE), fixing a remote code execution vulnerability (CVE-2019-1367) in IE. This vulnerability exists in the way the IE’s script engine handles objects in memory. By tricking a user into accessing a crafted website through IE, an attacker could exploit this vulnerability to execute arbitrary code to finally gain control access to the system. (more…)
October 4, 2019
Microsoft released security updates for September that address a remote code execution vulnerability (CVE-2019-1297) in Microsoft Excel.
This vulnerability exists in Microsoft Excel when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged in with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (more…)
May 23, 2019
On May 14, 2019, local time, Microsoft released security updates for May that address a critical remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. The Remote Desktop Protocol (RDP) is not affected by this vulnerability. As the vulnerability may be exploited in worm-related attacks, users are advised to download appropriate patches and upgrade their systems as soon as possible. (more…)