Microsoft Archives - Page 10 of 17 - Cyber Security Minute

Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation

Issued by: Security Week

Tracked as CVE-2021-30892 and named “Shrootless” by Microsoft, the vulnerability exists in the method used to install Apple-signed packages with post-install scripts. To successfully exploit the vulnerability, an attacker needs to create a specially crafted file that would allow them to hijack the installation process of said packages. Apple introduced SIP in macOS Yosemite to…

Network Security

Organizations Can Now Try Out End-to-End Encrypted Microsoft Teams Calls

Issued by: Security Week

First announced at the tech giant’s Ignite event in March, end-to-end encryption (E2EE) for one-to-one Teams calls is now rolling out to public preview. Organizations can take advantage of the new capability, but IT admins and users will have to manually enable it. When E2EE is used, conversations are encrypted in a way that prevents…

Vulnerabilities

OMI vulnerabilities threaten Linux virtual machines on Azure

Issued by: Kaspersky Blog

News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user won’t know it. Although a stealth installation might sound terrible on its face, this…

Malware & Threats

Hacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation: Microsoft

Issued by: Security Week

The missing mitigation was flagged by Microsoft in a post mortem of last month’s zero-day attack that hit businesses using the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP products. Microsoft originally shipped the mitigation — called ASLR (Address Space Layout Randomization) in Windows Vista back in 2006 as part of a larger plan…

Vulnerabilities

Patch now! Microsoft Exchange is being attacked via ProxyShell

Issued by: Blog Malwarebytes

Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute arbitrary code on a vulnerable machine. This set of Exchange vulnerabilities is often grouped under the name ProxyShell. Fixes were available…

Vulnerabilities

Third-Party Patches Available for More PetitPotam Attack Vectors

Issued by: Security Week

Disclosed in late July, PetitPotam is a remote code execution vulnerability (CVE-2021-36942) that abuses the Encrypting File System Remote (MS-EFSRPC) protocol. An attacker exploiting the bug could get a targeted server to connect to an attacker-controlled server and perform NTLM authentication. The attacker could then use other exploits to take complete control of a Windows…

Vulnerabilities

Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes

Issued by: Blog Malwarebytes

I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now. PrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network…

Vulnerabilities

Microsoft Patch Tuesday: Windows Flaw Under Active Attack

Issued by: Security Week

The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8. Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows…

Software Security

Microsoft Launches JIT-Free ‘Super Duper Secure Mode’ Edge Browser Experiment

Issued by: Security Week

The plan is to create a provocatively named “Super Duper Secure Mode” in Edge that deliberately disables support for the browser’s JavaScript JIT (Just-in-Time) compiler while adding a major anti-exploitation roadblock from Intel Corp. The new SDSM test — available in Edge preview builds for select users — essentially rips out JIT, a feature that…

Vulnerabilities

Researchers Publish Details on Recent Critical Hyper-V Vulnerability

Issued by: Security Week

Tracked as CVE-2021-28476 with a CVSS score of 9.9, the security vulnerability impacts Hyper-V’s virtual network switch driver (vmswitch.sys) and could be exploited to achieve remote code execution or cause a denial of service condition. Hyper-V is a native hypervisor that provides virtualization capabilities for both desktop and cloud systems, and which Microsoft uses as…