security advisory

The Microsoft Security Response Center (MSRC) has recently issued an update concerning a memory corruption vulnerability classified as CVE-2024-38207, which affects Microsoft Edge. The current discourse surrounding this vulnerability centers on an informational change, specifically an updated...

Introduction On September 17, 2024, the Microsoft Security Response Center (MSRC) published an advisory regarding a significant vulnerability identified as CVE-2024-38183 affecting GroupMe, the popular messaging platform owned by Microsoft. This vulnerability entails an improper access control...

A recent security advisory revealed a significant remote code execution vulnerability in Microsoft Edge, built on the Chromium framework. Identified as CVE-2024-34122, this vulnerability poses serious risks to users by potentially allowing attackers to execute arbitrary code on the affected...

In a recent security advisory published by Microsoft, a critical vulnerability designated as CVE-2024-30105 has been identified within .NET Core and Visual Studio, with implications for users who utilize PowerShell 7.4. The vulnerability presents a potential denial-of-service threat, causing...

Introduction In today's increasingly digital workspace, the implications of software vulnerabilities cannot be overstated, particularly within widely-used applications like Microsoft Excel. The recent announcement of CVE-2024-38170 highlights a critical remote code execution vulnerability, which...

In recent news, the Indian Computer Emergency Response Team (CERT-In) has issued a critical advisory concerning multiple vulnerabilities affecting Microsoft's widely-used Windows operating systems, specifically targeting versions 10, 11, and Windows Server. These findings underscore the...

Overview of the Vulnerability Alert In an urgent advisory, the Indian Computer Emergency Response Team (CERT-In), part of the Ministry of Electronics and Information Technology, issued a warning about several vulnerabilities affecting Microsoft Windows systems. These vulnerabilities are...

In a significant advisory for Windows users, the Indian Computer Emergency Response Team (CERT-In), the national cybersecurity agency, has issued a warning regarding multiple vulnerabilities affecting various versions of Microsoft Windows, particularly Windows 10 and Windows 11. These...

Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...

Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...

Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[Link Removed] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[Link Removed][6] These authorities are aware of...

Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...

Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...

Severity Rating: Critical Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information related to an uncommon...

Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This...

Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory...

Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory...

Revision Note: V1.0 (November 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are...

Original release date: June 13, 2017 | Last revised: July 07, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...

Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. Continue reading...