zero-day

Microsoft Patch Tuesday – November 2023

This month, Microsoft released patches addressing 78 CVEs, including 3 zero-days + 2 publicly disclosed and 3 criticals. Let’s briefly review them! CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability The first zero-day looks more like a bypass than a privilege escalation. An attacker can bypass Windows Defender SmartScreen checks and other prompts. This bug

Microsoft Patch Tuesday – November 2023 Read More »

Microsoft Patch Tuesday – October 2023

For October, Microsoft released patches for 103 CVEs, including 3 zero-days and 13 criticals. Let’s briefly review them! CVE-2023-44487 – HTTP/2 Rapid Reset Attack The first zero-day was reported as being under active attack across Google systems in August 2023, but Microsoft released a patch for their products right now. This vulnerability allows attackers to

Microsoft Patch Tuesday – October 2023 Read More »

Microsoft Patch Tuesday – September 2023

This month the Patching Tuesday brings us 59 new CVEs including 2 zero-days and 5 criticals. Look like a common month? Let’s check! CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability This critical bug in Word comes first. Microsoft classified that as an information disclosure vulnerability, but… this one allows the disclosure of NTLM hashes, presumably

Microsoft Patch Tuesday – September 2023 Read More »

Microsoft Patch Tuesday – March 2023

Today’s Patch Tuesday brings us 74 new CVEs which contain 2 zero-days and 8 criticals. Let’s briefly review them! CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability The first zero-day should be treated seriously. This bug allows a remote, unauthenticated attacker to access a user’s Net-NTLMv2 hash by sending a specially crafted e-mail which triggers

Microsoft Patch Tuesday – March 2023 Read More »

Microsoft Patch Tuesday – January 2023

We are starting this year with a hard opening from Microsoft. 98 vulnerabilities where 2 are zero-days plus additional 11 criticals, and others marked as important. Let’s briefly review them! CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability This is the first zero-day under active attack. This vulnerability could lead to

Microsoft Patch Tuesday – January 2023 Read More »

Scroll to Top