A blog about IT and other stuff :-)
Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when…
Read more
The Windows Exploits seems to to rolling out this july! Yesterday a new: Windows Elevation of Privilege Vulnerability Was shown to the public 🙁 CVE-2021-36934 – Security Update Guide – Microsoft – Windows Elevation of Privilege Vulnerability New…
Read more
Microsoft has released a Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability, telling how things have to be right now, to mitigate the possibilities of an exploit, here it is important to check the registry keys: Microsoft has focused…
Read more
The patches are out, download them from this page, look near the bottom 🙂 CVE-2021-34527 – Security Update Guide – Microsoft – Windows Print Spooler Remote Code Execution Vulnerability Photo: Lansweeper.com
Here we go again, a new PoC is in the wild and it’s attacking your print spooler!! The lastest update from Microsoft does not patch this and even Windows 7 to Windows 2019 is vulnerable. Mitigation: Stop the spooler on…
Read more
Here we go again 🙁 !! Microsoft has released security updates for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 These updates are available for the following specific builds of Exchange Server: IMPORTANT: If manually installing security…
Read more
Microsoft has released a new, one-click mitigation tool, Microsoft Exchange On-Premises Mitigation Tool to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019…
Read more
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to…
Read more
This one, wow what a pain in the a****** It took me hours to finally debug this issue. Had setup NPS on a Windows 2019 server, like many times before, registered it in the Active Directory, and installed the Use…
Read more
IMPORTANT: An old bug was dicovered in the Microsot DNS Server components, update your DNS server asap!! SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003…
Read more
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.