Security News
Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019. What data was published? These are logs of customer service and support interactions between 2005 and now.
Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019. What data was published? These are logs of customer service and support interactions between 2005 and now.
Nearly 250 million Microsoft Customer Service and Support records were found exposed to the Internet in five insecure Elasticsearch databases, Comparitech reports. While most of the personal information in those records was redacted, many records contained plain text data.
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" records on the Internet due to a misconfigured server containing logs of conversations between its support team and customers.
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system," Microsoft explained.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.
Microsoft announced on Friday that it's in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. According to Microsoft, the vulnerability can be exploited for remote code execution in the context of the targeted user.
Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer browser that attackers are actively exploiting in the wild - and there is no patch yet available for it. A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.
Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability for Internet Explorer. In brief... A poorly configured Elasticsearch database left an app's baby photos and videos accessible from the public internet.
Microsoft this week announced a new source code analyzer designed to identify interesting characteristics of code. Called Microsoft Application Inspector, the new tool doesn't focus on discovering poor programming practices in the analyzed code.