Zero-click Vulnerability on Windows TCP/IP IPv6 (CVE-2024-38063)
An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.
Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26162)
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-26192)
An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.
Microsoft Exchange Server Elevation of Privilege Vulnerability
Leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
Multiple Microsoft Outlook Vulnerabilities
A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.
Microsoft Releases September 2023 Security Updates – Patch Now!
September 2023 Patch Tuesday. Microsoft released security updates for products that preempt and mitigate critical vulnerabilities that may affect your infrastructure.
Windows Server 2012 and 2012 R2 reaching end of support
October 10th, of 2023, might seem far off but that’s when Microsoft is ending support for Windows Server 2012 and Windows Server 2012 R2.
Reminder: Windows 10, version 20H2 end of servicing is May 9, 2023
If you’re still on Windows 10 version 20H2 Enterprise Edition — servicing stops on May 9, 2023. We strongly recommend upgrading eligible devices to Windows 10 or Windows 11. Contact us for assistance
Unpatched or Unsupported Microsoft Exchange Servers Can Expect an SMTP 450 Error
On Monday, March 24th, 2023, Microsoft announced that it is enabling a transport-based enforcement system in Exchange Online serving three functions: reporting, throttling, and blocking.
Microsoft Outlook Privilege Elevation Vulnerability (CVE-2023-23397)
CISA added a zero-day vulnerability affecting Microsoft Outlook that is actively exploited in the wild. Microsoft has released a patch for the vulnerability as part of their March 2023 Patch Tuesday.