Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities

October 27, 2021

Overview According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server. This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including […]

Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert

April 29, 2020


Microsoft released April 2020 security updates on Tuesday that fix 113 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Remote Desktop Client, Visual Studio, Windows Defender, Windows Hyper-V, Windows Kernel, Windows Media, and Windows Update Stack. (more…)

Microsoft’s April Patches Fix Multiple 0-Day Vulnerabilities Exploited in the Wild Threat Alert

April 25, 2020


On April 14, 2020, local time, Microsoft released its April patches that fix 113 security issues, including three 0-day vulnerabilities that have been exploited in the wild. The three vulnerabilities exist in Windows Adobe Type Manager Library and the Windows kernel. (more…)

Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Threat Alert

March 29, 2020


On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. Instead of a security patch, Microsoft currently provides a workaround for users to mitigate this vulnerability. (more…)

Microsoft Multiple Products Critical Vulnerabilities Threat Alert

February 26, 2020

Vulnerability Description

On February 12, 2020, Microsoft released February security update that fixed 100 security issues, including critical vulnerabilities like privilege escalation and remote code execution, found in Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Office, and other widely used applications. (more…)

Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities

November 29, 2019


Among the vulnerabilities that Microsoft has updated in this month, there are 13 critical ones which exist in products like Hyper-V, VBScript, Exchange, and Scripting Engine. (more…)

Microsoft RDS Remote Code Execution Vulnerabilities (CVE-2019-1181-1182)Threat Alert

September 10, 2019

  1. Vulnerability Overview

On August 14, 2019, Beijing time, Microsoft released remote desktop (RDP) service fixes and patches for a series of vulnerabilities, including two critical remote code execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182). Similar to the BlueKeep vulnerability (CVE-2019-0708) previously fixed, vulnerabilities disclosed this time have characteristics of worms. In other words, attackers could exploit them to execute arbitrary code and spread worm viruses without needing user interactions. (more…)