Microsoft Exchange 2013 and newer versions are vulnerable to a privilege escalation attack that gives anyone with a mailbox a way to gain domain administrator rights at potentially 90% of organizations running Active Directory and Exchange, according to a security researcher.
Researchers at Embedi, a firm specializing in security for embedded devices, today released a report on a 17-year-old remote code execution vulnerability in Microsoft Office, which was patched today. They claim it has not been patched and Microsoft did not know it existed.
The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely
Macro-based Microsoft Office malware is a go-to tactic for aspiring cybercriminals because it's reliable and effective. Since macros remain an integral part of Word documents, many companies don't disable them by default, and users often open .doc attachments. But with enterprise IT on the war path for signs of any macro malware attack, criminals are
Microsoft has unleashed its September Patch Tuesday bug fix bonanza, patching 82 flaws in total. Among the 82 fixes, 26 of which have been rated 'critical', includes a patch for an actively exploited zero-day vulnerability tied to Microsoft's .NET framework.
As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007.
Microsoft sparked a curious squabble over malware discovery and infection rates. At the start of the month security firm Check Point reported on a browser hijacker and malware downloader called Fireball. The firm claimed that it had recently discovered the Chinese malware and that it had infected some 250 million systems.
We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to