Discover and read the best of Twitter Threads about #patchtuesday
Most recents (4)
The real excitement in this month’s 121-CVE #PatchTuesday collection wasn’t the size of the haul; it was the part where Microsoft took us all the way back to 2019 for a moment.
1/6
1/6
Remember Follina, the MSDT issue that rolled onstage in late May? Turns out that vulnerability (CVE-2022-30190) has a cousin. An *older* cousin. 2/6
Researcher Imre Rad reported to the company back in December 2019. We explain in today’s blog post how it is you’re only hearing about it in August 2022. 3/6
[#thread 🧵] Last week in #Microsoft #PatchTuesday, a critical vulnerability was patched that theoretically allows attackers to achieve Remote Code Execution on a target #IIS server (CVE-2022-21907). I'll explain how it works in this thread ⬇️
[#thread 🧵(2/9)] A bit of History !
First of all, it is important to know that this vulnerability is a sibling of CVE-2021-31166 disclosed in May of last year. These two vulnerabilities occur in the parsing of HTTP headers of an incoming request, within the http.sys driver.
First of all, it is important to know that this vulnerability is a sibling of CVE-2021-31166 disclosed in May of last year. These two vulnerabilities occur in the parsing of HTTP headers of an incoming request, within the http.sys driver.
[#thread 🧵(3/9)] But what happens exactly 🤔 ?
To understand what happens in a kernel driver crash, It's important to analyze the kernel #crashdump generated at the moment of the blue screen! Let's open it in #WinDbg and analyze it!
To understand what happens in a kernel driver crash, It's important to analyze the kernel #crashdump generated at the moment of the blue screen! Let's open it in #WinDbg and analyze it!
#PatchTuesday ICYMI
Microsoft wraps up 2021 with 64 patched vulnerabilities—including Windows 7 fixes...
1/11
Microsoft wraps up 2021 with 64 patched vulnerabilities—including Windows 7 fixes...
1/11
While Log4J may have cast a very long shadow over this month, Microsoft has released fixes for 64 more vulnerabilities in its software products, including 16 Chromium-based bugs in the Edge browser that were already patched in updates pushed since last month. 2/11
Some of the remaining fixes apply to versions of Windows stretching back to the end-of-life’d Windows 7...
There are 17 bugs being patched in Windows 7 this month, including three of this month’s seven critical vulnerabilities—all of which are remote code execution bugs. 3/11
There are 17 bugs being patched in Windows 7 this month, including three of this month’s seven critical vulnerabilities—all of which are remote code execution bugs. 3/11
WARNING 🔥 CVE-2020-1350 (CVSS 10)
A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.
Details — thehackernews.com/2020/07/window…
#infosec
A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.
Details — thehackernews.com/2020/07/window…
#infosec
Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.
#cybersecurity #sysadmins #microsoft #informationsecurity
#cybersecurity #sysadmins #microsoft #informationsecurity
If exploited, #SigRed Windows Server #vulnerability enables hackers to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials, and eventually compromise an organization's entire IT infrastructure.
thehackernews.com/2020/07/window…
thehackernews.com/2020/07/window…
