News


Microsoft: 38 TB of data accidentally exposed

The security provider Wiz found 38 TB of data, including 30,000 internal Teams messages, while browsing Microsoft's AI GitHub repository. According to Wiz, a SAS token misconfigured by the AI research team triggered the issue. According to the Wiz Research Team, Microsoft's AI research team made a few glaring mistakes when publishing open source training data on GitHub. Apparently, a total of 38 terabytes of data was accidentally marked for publication and then published. Among them: private data, a hard drive backup of two employees' workstations. 38 TBytes of data including tokens, passwords and…


Microsoft Patchday is becoming increasingly important
B2B Cyber Security ShortNews

Microsoft's Patch Tuesday is already a classic, but it is becoming increasingly important. Companies should therefore always patch the systems immediately. Two current zero-day vulnerabilities are not rated extremely high with a CVSSv3 score of 6.2 and 7.8, respectively, but they are currently being attacked because they are so widespread. This month's Patch Tuesday includes fixes for 61 CVEs, five of which are rated critical, 55 rated important, and one rated moderate. Microsoft has also fixed two zero-day vulnerabilities that have already been exploited in the wild….


Microsoft: Exchange server update paralyzes servers

Microsoft has released security updates for Exchange vulnerabilities affecting Exchange Server 2019 and 2016. However, these updates cripple the server if it is not running in English. Microsoft now offers a workaround so that the servers can be patched. After all, a vulnerability with a CVSS value of 9.8 is at stake. Some administrators who install necessary security updates immediately experienced a bitter surprise. When installing the security updates for Exchange Server 2019 and Exchange Server 2016, error messages rained down and some servers were paralyzed afterwards. The problem: As soon as the server was not operated in English, the…


Chinese hackers steal Azure AD signing keys 

Microsoft launched an investigation into unauthorized access to the Exchange Online email services of several US government agencies. The experts found that the hack was successful with the help of vulnerabilities, stolen keys and an Azure AD signing key. But where the hackers got the keys from is probably still a mystery. Two dozen organizations, including US government agencies, were recently hacked. Chinese hackers stole a consumer signing key for an inactive Microsoft account (MSA). The incident was reported by US government officials after several government agencies discovered unauthorized access to Exchange Online email services. Action by Chinese professional hackers Microsoft…


Microsoft discovers Storm-0978 spying phishing

Microsoft has identified a phishing campaign by Russian threat actor Storm-0978 targeting defense and government agencies in Europe and North America. The attack is aimed at financial data and espionage. Storm-0978 (DEV-0978; also referred to by other vendors as RomCom, the name of their backdoor) is a Russia-based cybercriminal group known for conducting opportunistic ransomware and extortion operations, as well as credential-targeting attacks. Storm-0978 operates, develops and distributes the RomCom backdoor. The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware, which first appeared in the wild in May 2022…


100 malicious drivers signed by Microsoft detected

Sophos experts have discovered 100 malicious drivers signed by Microsoft Windows Hardware Compatibility Publisher (WHCP). Most are so-called "EDR killers" specifically designed to attack and terminate various EDR/AV software on victims' systems. Sophos X-Ops has detected 133 malicious drivers signed with legitimate digital certificates; 100 of them were signed by the Microsoft Windows Hardware Compatibility Publisher (WHCP). Drivers signed by WHCP are fundamentally trusted by every Windows system, allowing attackers to install them without raising an alarm and then carry out malicious activities virtually unhindered….


No patch available: Microsoft Office with zero-day vulnerability 

According to the BSI, Microsoft announced a zero-day vulnerability in the Office suite on July 11, 2023, which is being actively exploited. The vulnerability CVE-2023-36884 has been published and has a high-risk CVSS score of 8.3 (CVSS v3.1). Microsoft cannot yet offer a patch for the vulnerability! On July 11, 2023, Microsoft announced the zero-day vulnerability CVE-2023-36884 in the Office suite, which is being actively exploited. With a CVSS value of 8.3, the vulnerability is considered highly dangerous. According to the manufacturer, a remote attacker can achieve remote code execution if…


New vulnerabilities: OneNote, macros, UEFI

The threat report shows new attack methods: Cybercriminals exploit UEFI vulnerabilities and misuse Microsoft file formats to circumvent macro security functions. The number of IT attacks averted is stagnating at a high level. This emerges from the current threat report from G DATA CyberDefense. There are numerous vulnerabilities that cybercriminals consistently exploit. UEFI bootkits, for example, disable security features and make systems vulnerable. Another trick used by attackers is manipulated OneNote or Publisher files that contain malware. Vulnerabilities are exploited immediately: The current threat report from G DATA CyberDefense proves that attackers quickly react to a changed situation...


Microsoft Office: Researchers discover vulnerability

Important Word documents that are protected by a signature can still be modified due to a vulnerability. Microsoft has only patched 5 of 4 vulnerabilities that allow modification. So the problem still exists, according to researchers at the Ruhr University in Bochum and the Mainz University of Applied Sciences. If you want to securely send an important Word document digitally, you can protect it with a signature, at least in theory. As researchers from the Chair for Network and Data Security at the Horst Görtz Institute for IT Security at the Ruhr University Bochum and the Mainz University of Applied Sciences have discovered, unnoticed manipulation of the document is child's play for...


Blocked macros: Attackers find new ways

Since Microsoft now blocks all macros by default, cyber attackers have been looking for new ways, and they are finding them. Security researchers from Proofpoint observed this and were able to gain insights into the behavior of cybercriminals. These shifts are largely due to Microsoft now blocking macros by default. All players in the cybercriminal food chain, from the small, inexperienced hacker to the most experienced cybercriminals executing large-scale ransomware attacks, are therefore forced to adapt the way they work. No macros? There are other ways! Proofpoint's security researchers were able to gain valuable insights into the changing behavior of cybercriminals...
