On October 8, 2024, the Microsoft Security Response Center published details about a significant security vulnerability identified as CVE-2024-43572. This vulnerability pertains to the Microsoft Management Console (MMC) and poses a risk of remote code execution (RCE). Vulnerabilities of this...
CVE-2024-30092: Understanding the Windows Hyper-V Remote Code Execution Vulnerability
On October 8, 2024, Microsoft disclosed a critical vulnerability tracked as CVE-2024-30092 that affects Windows Hyper-V, the virtualization technology built into Windows servers and Windows client OS. This flaw...
CVE-2024-38195: Azure CycleCloud Remote Code Execution Vulnerability Explained Overview On August 13, 2024, Microsoft published details regarding a significant vulnerability, designated as CVE-2024-38195, affecting Azure CycleCloud. This vulnerability allows for remote code execution (RCE)...
Original release date: December 2, 2021
Summary
This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations.
This joint...
Original release date: January 10, 2020
Summary
Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning...
In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard...
Revision Note: V3.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this issue. We have released MS09-053 to address this issue. For more information about this issue, including...