Security specialists caution users about the exploitation of the recently disclosed Follina Bug found in all supported versions of Windows. Threat actors have actively utilized this vulnerability to install payloads such as the AsyncRAT trojan and infostealer. Understanding the Follina Vulnerability On May 27, 2022, the public became aware of a remote code execution (RCE)… Continue reading Attackers Exploit MSDT Follina Bug to Drop RAT
Tag: Microsoft Office
Critical vulnerability in Office fixed, but macOS update is delayed
As part of the January Patch Tuesday, Microsoft engineers fixed a critical vulnerability in Office that could allow attackers to remotely run malicious code on vulnerable systems. The RCE vulnerability identified as CVE-2022-21840 can be exploited on target devices with even the lowest privileges and in simple attacks that require user interaction. Basically, the user… Continue reading Critical vulnerability in Office fixed, but macOS update is delayed
Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
As part of July Patch Tuesday, Microsoft fixed (released patches) for 117 vulnerabilities, of which 13 were classified as critical. That is, the July set of patches is twice as large as the May and June “Patch Tuesday” combined. This time, bugs were fixed in products such as Microsoft Office, SharePoint, Excel, Microsoft Exchange Server,… Continue reading Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue
As part of June Patch Tuesday, 50 vulnerabilities in Microsoft products were fixed, including six 0-day vulnerabilities in Windows. Vulnerabilities that have been patched were found in Microsoft Office, .NET Core and Visual Studio, Edge browser, Windows Cryptographic Services, SharePoint, Outlook and Excel. Six zero-day vulnerabilities that were already under attack were also addressed, with… Continue reading Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue