Overview Recently, NSFOCUS CERT found the PoC that disclosed Microsoft Word remote execution code vulnerability (CVE-2023-21716) on the Internet. Because the RTF parser in Microsoft Word will trigger a heap corruption vulnerability when processing a font table (* fonttbl *) that contains too many fonts (* f # # #...
Tag: Microsoft
Microsoft’s February security update for multiple high-risk product vulnerabilities
Overview On February 15, NSFOCUS CERT monitored that Microsoft had released a security update patch for February, which fixed 75 security issues, involving widely-used products such as Microsoft Exchange Server, Microsoft Word, Windows Graphics Component, Microsoft Publisher, etc., including high-risk vulnerability types such as privilege enhancement and remote code execution....
Microsoft December Security Updates for Multiple High-Risk Product Vulnerabilities
Overview On December 15th, NSFOCUS CERT monitored that Microsoft released the December security update patch, which fixed 67 security issues, involving widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft PowerShell, including privilege escalation, remote Types of high-risk vulnerabilities such as code execution. Among the vulnerabilities...
Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities
Overview According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server. This month's security updates fix 3 critical vulnerabilities...
Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert
Overview Microsoft released April 2020 security updates on Tuesday that fix 113 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows...
Microsoft’s April Patches Fix Multiple 0-Day Vulnerabilities Exploited in the Wild Threat Alert
Overview On April 14, 2020, local time, Microsoft released its April patches that fix 113 security issues, including three 0-day vulnerabilities that have been exploited in the wild. The three vulnerabilities exist in Windows Adobe Type Manager Library and the Windows kernel. (more…)
