Microsoft Vulnerability

Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-1367) Threat Alert

October 15, 2019

1 Vulnerability Description

On September 23, local time, Microsoft released cumulative security updates for the Internet Explorer (IE), fixing a remote code execution vulnerability (CVE-2019-1367) in IE. This vulnerability exists in the way the IE’s script engine handles objects in memory. By tricking a user into accessing a crafted website through IE, an attacker could exploit this vulnerability to execute arbitrary code to finally gain control access to the system. (more…)

Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1297) Threat Alert

October 4, 2019

Overview

Microsoft released security updates for September that address a remote code execution vulnerability (CVE-2019-1297) in Microsoft Excel.

This vulnerability exists in Microsoft Excel when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged in with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (more…)

Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Threat Alert

May 23, 2019

Overview

On May 14, 2019, local time, Microsoft released security updates for May that address a critical remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. The Remote Desktop Protocol (RDP) is not affected by this vulnerability. As the vulnerability may be exploited in worm-related attacks, users are advised to download appropriate patches and upgrade their systems as soon as possible. (more…)