Author name: Artur Kukula

Microsoft Patch Tuesday – November 2023

This month, Microsoft released patches addressing 78 CVEs, including 3 zero-days + 2 publicly disclosed and 3 criticals. Let’s briefly review them! CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability The first zero-day looks more like a bypass than a privilege escalation. An attacker can bypass Windows Defender SmartScreen checks and other prompts. This bug

Microsoft Patch Tuesday – November 2023 Read More »

Microsoft Patch Tuesday – October 2023

For October, Microsoft released patches for 103 CVEs, including 3 zero-days and 13 criticals. Let’s briefly review them! CVE-2023-44487 – HTTP/2 Rapid Reset Attack The first zero-day was reported as being under active attack across Google systems in August 2023, but Microsoft released a patch for their products right now. This vulnerability allows attackers to

Microsoft Patch Tuesday – October 2023 Read More »

Microsoft Patch Tuesday – September 2023

This month the Patching Tuesday brings us 59 new CVEs including 2 zero-days and 5 criticals. Look like a common month? Let’s check! CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability This critical bug in Word comes first. Microsoft classified that as an information disclosure vulnerability, but… this one allows the disclosure of NTLM hashes, presumably

Microsoft Patch Tuesday – September 2023 Read More »

Microsoft Patch Tuesday – June 2023

Today’s Patch Tuesday brings us 69 new CVEs which contain 6 criticals. Not that bad, so let’s briefly review them! CVE-2023-29363 / CVE-2023-32014 / CVE-2023-32015 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability We’re starting hard. 3 vulnerabilities in Windows Pragmatic General Multicast with CVSS = 9.8. They allow a remote, unauthenticated attacker

Microsoft Patch Tuesday – June 2023 Read More »

Microsoft Patch Tuesday – March 2023

Today’s Patch Tuesday brings us 74 new CVEs which contain 2 zero-days and 8 criticals. Let’s briefly review them! CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability The first zero-day should be treated seriously. This bug allows a remote, unauthenticated attacker to access a user’s Net-NTLMv2 hash by sending a specially crafted e-mail which triggers

Microsoft Patch Tuesday – March 2023 Read More »

Scroll to Top