MS Office

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333 […]

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

Phishers send corrupted documents to bypass email security

Any.Run, Don't miss, email security, Hot stuff, MS Office, News, phishing /

Phishers send corrupted documents to bypass email security 2024-12-03 at 14:18 By Zeljka Zorz Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses.

React to this headline:

Loading spinner

Phishers send corrupted documents to bypass email security Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

0-day, authentication, Don't miss, Hot stuff, Microsoft 365, MS Office, News, PrivSec /

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) 2024-08-12 at 13:31 By Zeljka Zorz A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interaction to be

React to this headline:

Loading spinner

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) Read More »

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

0-day, Check Point, CVE, Don't miss, Hot stuff, Internet Explorer, Morphisec, MS Office, News, vulnerability /

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) 2024-07-10 at 15:46 By Zeljka Zorz CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li

React to this headline:

Loading spinner

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) Read More »

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

0-day, APT, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, MS Office, News, Tenable, Trend Micro, vulnerability /

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

Don't miss, Hot stuff, Microsoft, MS Office, News, Patch Tuesday, security update, SharePoint, Tenable, Trend Micro /

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) 2024-01-09 at 22:02 By Zeljka Zorz For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the vulnerabilities fixed this time aroundare under active exploitation or have been previously publicly disclosed. The

React to this headline:

Loading spinner

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) Read More »

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ

Automox, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, Microsoft Teams, MS Office, News, Patch Tuesday, security update, Trend Micro /

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ 08/08/2023 at 22:46 By Zeljka Zorz August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a

React to this headline:

Loading spinner

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ Read More »

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

0-day, BlackBerry, Cisco, cyber espionage, cybercrime, Don't miss, drivers, Google, Hot stuff, Microsoft, MS Office, News, Ransomware, rootkits, security update, Tenable, Trend Micro, Volexity, vulnerability, Windows /

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks

React to this headline:

Loading spinner

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) Read More »

Scroll to Top