Security News

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. Microsoft said that installing the latest update "Stops the attack chain" leading to the remote code execution bug.

The advisory for that flaw, ADV230003, is related to last month's CVE-2023-36884 in Microsoft Office, and as the IT giant notes, it's a "Defense in depth update." Installing the update "Stops the attack chain leading to the Windows Search security feature bypass vulnerability," we're told. Finally the XMP-Toolkit-SDK update plugs an important security hole that could lead to application denial of service.

Microsoft's Visual Studio Code code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS credential managers. Cycode researcher Alex Ilgayev told BleepingComputer that other than the built-in GitHub and Microsoft authentication, all of the saved credentials from use of third-party extensions.

Microsoft is working on creating guidelines for red teams making sure generative AI is secure and responsible.

Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks. In today's Microsoft August Patch Tuesday, the update helps fix CVE-2023-36884, a security issue disclosed in July, which Microsoft did not patch at the time but provided mitigation advice.

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in. There is a Microsoft Office "Defense in Depth Update" available that, according to Microsoft, stops the attack chain leading to CVE-2023-36884, a Windows Search RCE vulnerability that has been previously exploited by Russian hackers in targeted attacks.

Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities. This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks and one of them publicly disclosed.

Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access. Cloud misconfiguration - incorrect control settings applied to both hardware and software elements in the cloud - are threat vectors that amplify the risk of data breaches.

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key.

Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable. On July 10, Tenable again contacted Microsoft to reports its findings on what it regarded as a dangerously incomplete fix.