Security News

Hackers Target Two Unpatched Flaws in Windows Adobe Type Manager Library
2020-03-23 19:46

Microsoft informed customers on Monday that it's working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a "Specially-crafted multi-master font - Adobe Type 1 PostScript format."

Windows users under attack via two new RCE zero-days
2020-03-23 18:46

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. "There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane," the company shared, and said that the Outlook Preview Pane is not an attack vector for this vulnerability.

Microsoft Warns of Critical Windows Zero-Day Flaws
2020-03-23 18:27

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.

Microsoft Warns of Critical Windows Zero-Day Flaws
2020-03-23 18:27

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. "Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," according to a Monday Microsoft security advisory.

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
2020-03-23 12:18

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system-including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.

Oracle VirtualBox, Adobe Reader, Windows Hacked at Pwn2Own 2020
2020-03-20 05:12

On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for demonstrating that they could hijack a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.

Researchers Hack Windows, Ubuntu, macOS at Pwn2Own 2020
2020-03-19 05:28

On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS. Pwn2Own typically takes place at the CanSecWest cybersecurity conference in Vancouver, Canada, and participants have to attend in person. On the first day of Pwn2Own 2020, a team from the Georgia Tech Systems Software & Security Lab successfully executed code on macOS through Safari.

Users Complain About Windows Update That Patches SMBGhost Vulnerability
2020-03-17 12:59

Some users have complained that the Windows security update released recently by Microsoft to patch a wormable vulnerability related to Server Message Block 3.0 is causing problems. Microsoft released an out-of-band update for Windows 10 and Windows Server on March 12 to fix CVE-2020-0796, a vulnerability that can allow an unauthenticated attacker to execute arbitrary code on SMB servers and clients.

Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw
2020-03-16 11:58

In the case of the critical Windows 10 Server Message Block vulnerability left unpatched in March's otherwise bumper Windows Patch Tuesday update, the answer is two days. That's how long it took Microsoft to change its mind about releasing a fix after news of the remote code execution flaw leaked in now-deleted vendor posts and word spread to customers.

Out-of-Band Windows Updates Patch Wormable SMB Vulnerability
2020-03-12 19:23

Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 that has been described as "Wormable." The vulnerability, related to the way SMB 3.1.1 handles certain requests, can be exploited by an unauthenticated attacker to execute arbitrary code on SMB servers and clients.