CyberSecurity
on January 9, 2025 at 8:00 am — CVE-2025-21385 Microsoft Purview Information Disclosure Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
on January 9, 2025 at 8:00 am — CVE-2025-21380 Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
on December 31, 2024 at 8:00 am — CVE-2024-49051 Microsoft PC Manager Elevation of Privilege Vulnerability
To comprehensively address CVE-2024-49051, Microsoft released security updates on December 10, 2024 for Microsoft PC Manager. Microsoft recommends that customers running this product install the updates to be fully protected from the vulnerability.
on December 23, 2024 at 8:00 am — CVE-2024-43600 Microsoft Office Elevation of Privilege Vulnerability
In the Security Updates Table, removed KB2920716 from the Office 2016 for 32-bit version as this update does not apply to this version.
on December 23, 2024 at 8:00 am — CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
Providing further clarification about how to configure the EnableCertPaddingCheck registry value to implement and revert the improvement to authenticode signature verification. Customers who had successfully followed previous guidance do not need to make further changes to their systems. Although Windows treats the EnableCertPaddingCheck value as a DWORD, its actual registry value type does not matter,
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12692 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12692 Type Confusion in V8 Read More »
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12695 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12695 Out of bounds write in V8 Read More »
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12693 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12694 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
on December 19, 2024 at 9:59 pm — Chromium: CVE-2024-12694 Use after free in Compositing Read More »