Mitigation for a Privilege Escalation Vulnerability in Microsoft Exchange Server
Thursday, 07 February 2019 21:00

Microsoft has released a security advisory with mitigation for an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server. Users are strongly encouraged to test workarounds prior to deploying them into production to understand the potential impact.

Microsoft Exchange Server 2013 and Newer Remote Privilege Escalation Vulnerability
Tuesday, 29 January 2019 18:00

A vulnerability was reported in Microsoft Exchange Server 2013 and newer. An attacker who has credentials for an Exchange mailbox and can communicate with both a Microsoft Exchange server and a Windows domain controller may be able to gain domain administrator privileges. No patch was available at the time of this entry. Users can apply the mitigations described in the blog post.

Oracle VirtualBox Zero-Day Vulnerability and Exploit Released
Monday, 12 November 2018 14:00

A 0-day vulnerability was discovered in VirtualBox 5.2.20 and prior. An attacker or a malicious program with root or administrator privilege in the guest OS can escape and execute arbitrary code in the application layer (ring 3) of the host OS. No patch was available at the time of this entry. Users can protect themselves against potential cyber attacks by changing the network card of their virtual machines from NAT to "PCnet", "Paravirtualized Network", or another option.

0-Day Remote Arbitrary Code Execution Vulnerability in Microsoft Edge
Wednesday, 07 November 2018 11:00

A 0-day vulnerability was discovered in Microsoft Edge. A remote attacker may be able to execute arbitrary code or gain control of the target system. Security researchers have developed a proof of concept (PoC) to demonstrate this issue. No patch was available at the time of this entry.

A Flaw in Microsoft Office 2016 and Older Versions Could Allow Attackers to Infect Users' Computers
Wednesday, 31 October 2018 12:00

A flaw was reported in Microsoft Office 2016 and older versions. Attackers may be able to send users a maliciously crafted document with an embedded video. When a user clicks the embedded video link, the user is prompted to run an embedded executable. Microsoft had no plans to fix the issue at the time of this entry. Users are advised not to open email attachments from unknown or suspicious sources.

