Found 13 bookmarks
Custom sorting
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
#securityweek#EN#2024#Microsoft#Copilot#Studio#Vulnerability#information#disclosure#bug#CVE-2024-38206
·securityweek.com·
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
#bleepingcomputer#EN#2024#Your#Lazarus#Own#BYOVD#Driver#Zero-Day#Vulnerability#Bring#CVE-2024-38193#Group#Microsoft
·bleepingcomputer.com·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device
#Microsoft#en#2023#research#vulnerability#macOS#Migraine#bypass#SIP
·microsoft.com·
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
#Nimbuspwn#microsoft#EN#2022#CVE-2022-29799#CVE-2022-29800#vulnerability#Linux#D-Bus#TOCTOU#networkd-dispatcher
·microsoft.com·
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
#Nimbuspwn#microsoft#EN#2022#CVE-2022-29799#CVE-2022-29800#vulnerability#Linux#D-Bus#TOCTOU#networkd-dispatcher
·microsoft.com·
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
#Nimbuspwn#microsoft#EN#2022#CVE-2022-29799#CVE-2022-29800#vulnerability#Linux#D-Bus#TOCTOU#networkd-dispatcher
·microsoft.com·
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn