Security News
A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.
Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization. Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older. An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.
With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older. An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.
Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don't want to wait for the official patch. On Thursday, ACROS Security announced the availability of a micro-patch for a remote code execution vulnerability in Zoom Client for Windows.
A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. The vulnerability has been discovered by a researcher who reported it to Acros Security, who then reported the flaw to the Zoom security team earlier today.
Microsoft this week announced Kernel Data Protection, new technology that aims to protect the Windows kernel and drivers from data corruption attacks. KDP builds upon the technology included by default in Secured-core PCs and adds another layer of protection for configuration data.
Microsoft has released fixes for two remote code execution vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. Both flaws - CVE-2020-1425 and CVE-2020-1457 - arose because of the way the Microsoft Windows Codecs Library handled objects in memory.
Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in Microsoft Windows Codecs Library. The out-of-band updates, addressing a critical-severity flaw and important-severity vulnerability, were sent out via Windows Update Tuesday night and affect several versions of Windows 10 and Windows Server 2019.
Microsoft on Tuesday published advisories to provide details on two remote code execution vulnerabilities addressed in the Windows Codecs Library. Both of these vulnerabilities are related to the manner in which the affected Windows component handles objects in memory and both feature a CVSS score of 7.3.