Microsoft

Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Threat Alert

March 29, 2020

Overview

On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. Instead of a security patch, Microsoft currently provides a workaround for users to mitigate this vulnerability. (more…)

Microsoft Multiple Products Critical Vulnerabilities Threat Alert

February 26, 2020

Vulnerability Description

On February 12, 2020, Microsoft released February security update that fixed 100 security issues, including critical vulnerabilities like privilege escalation and remote code execution, found in Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Office, and other widely used applications. (more…)

Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities

November 29, 2019

Overview

Among the vulnerabilities that Microsoft has updated in this month, there are 13 critical ones which exist in products like Hyper-V, VBScript, Exchange, and Scripting Engine. (more…)

Microsoft RDS Remote Code Execution Vulnerabilities (CVE-2019-1181-1182)Threat Alert

September 10, 2019

  1. Vulnerability Overview

On August 14, 2019, Beijing time, Microsoft released remote desktop (RDP) service fixes and patches for a series of vulnerabilities, including two critical remote code execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182). Similar to the BlueKeep vulnerability (CVE-2019-0708) previously fixed, vulnerabilities disclosed this time have characteristics of worms. In other words, attackers could exploit them to execute arbitrary code and spread worm viruses without needing user interactions. (more…)