security advisory

Introduction In today's increasingly digital workspace, the implications of software vulnerabilities cannot be overstated, particularly within widely-used applications like Microsoft Excel. The recent announcement of CVE-2024-38170 highlights a critical remote code execution vulnerability, which...

In recent news, the Indian Computer Emergency Response Team (CERT-In) has issued a critical advisory concerning multiple vulnerabilities affecting Microsoft's widely-used Windows operating systems, specifically targeting versions 10, 11, and Windows Server. These findings underscore the...

Overview of the Vulnerability Alert In an urgent advisory, the Indian Computer Emergency Response Team (CERT-In), part of the Ministry of Electronics and Information Technology, issued a warning about several vulnerabilities affecting Microsoft Windows systems. These vulnerabilities are...

In a significant advisory for Windows users, the Indian Computer Emergency Response Team (CERT-In), the national cybersecurity agency, has issued a warning regarding multiple vulnerabilities affecting various versions of Microsoft Windows, particularly Windows 10 and Windows 11. These...

Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...

Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...

Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[Link Removed] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[Link Removed][6] These authorities are aware of...

Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...

Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...

Severity Rating: Critical Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to be installed: “the current cumulative update”. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information related to an uncommon...

Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This...

Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory...

Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for directory synchronization. This advisory...

Revision Note: V1.0 (November 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information regarding security settings for Microsoft Office applications. This advisory provides guidance on what users can do to ensure that these applications are...

Original release date: June 13, 2017 | Last revised: July 07, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...

Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information related to an uncommon deployment scenario in which the Windows Update Client may not properly scan for, or download, updates. Continue...

Revision Note: V1.0 (January 10, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure...

Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016. Continue reading...

Revision Note: V1.0 (December 8, 2015): Advisory published. Summary: Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used...