Please turn on your JavaScript for this page to function normally.
Windows
Wormable Windows SMBv3 RCE flaw leaked, but not patched

Yesterday, when Microsoft released its regular Patch Tuesday fixes, Cisco Talos and Fortinet inadvertently(?) also published information about CVE-2020-0796, a …

bomb
BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable

Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable …

gap
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now

There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …

Microsoft Attack Surface Analyzer
Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too

Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new …

patch
Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities

For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a …

Windows
Windows Servers in danger of being compromised via WDS bug

Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly …

arrows
PoC exploit for Windows Shell RCE released

Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited …

AMD
AMD users running Windows 10 get their Spectre fix

AMD has released new microcode updates for mitigating variant 2 of the Spectre attack and Microsoft has released an OS update with the mitigation to AMD users running Windows …

Microsoft Remote Desktop
Dangerous CredSSP flaw opens door into corporate servers

A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be …

World target
Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers

Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato …

Intel Skylake
Microsoft releases Spectre fixes for Windows 10 on Skylake CPUs

Microsoft has pushed out a new set of Spectre (variant 2) security updates. For the moment, these are just for some devices running on Skylake CPUs and Windows 10 Fall …

alert
Spectre updates will slow down Windows servers and PCs running older versions of the OS

While Intel continues to play down the slowing effect the patches for Meltdown and Spectre can have on machines using their CPUs, Microsoft has finally shared some – …

Don't miss

Cybersecurity news