Microsoft has released patches to fix two remote code execution vulnerabilities in Microsoft Windows Codecs Library. HEVC or Windows codecs library is responsible for handling large media files and decoding them for playback. HEVC is used by developers as it supports a multitude of different file formats. This Windows Extension is designed to take advantage […]

Read More →

Treck TCP/IP is a high-performance TCP/IP protocol suite designed for embedded systems. A set of 19 critical and high-severity security vulnerabilities have been discovered by Israeli security research firm JSOF in a low-level TCP/IP software library developed by Treck. Dubbed “Ripple20“, affecting hundreds of millions of internet of things (IoT) and industrial control devices. If […]

Read More →

Microsoft has released May Patch Tuesday security updates, addressing a total of 111 vulnerabilities in the family of Windows operating systems and related products. Out of these, 16 are classified as Critical and 95 as Important which includes Microsoft Windows, Edge EdgeHTML-based, Chromium-based, ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services and Web Apps, […]

Read More →

  Mozilla fixed two critical zero-days in its popular web browser, Firefox. Mozilla is aware of active exploitation of these vulnerabilities. There is no specific information about the threat groups or malwares utilizing these vulnerabilities. Firefox Zero-Days As per the advisory, CVE-2020-6819 is a use-after-free vulnerability when running the nsDocShell destructor due to a  race […]

Read More →

Microsoft and its updates are of utmost interest for the security community during the second Tuesday of every month, the Patch Tuesday. However, Microsoft has filled the headlines of the fourth Tuesday too with important information about two critical unpatched zero-days in Microsoft Windows operating systems. A critical advisory has been released by Microsoft, urging […]

Read More →

Microsoft has released March Patch Tuesday security updates, addressing a total of 113 vulnerabilities in the family of Windows operating systems and related products. Out of these, 26 are classified as Critical and 86 as Important which includes Office Services and Web Apps, Internet Explorer, Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), Microsoft Exchange Server, Azure […]

Read More →

A critical 17-year-old remote code execution bug was discovered in pppd (Point to Point Protocol Daemon). PPPD is used to manage network connections between two nodes on Unix-like operating systems and is responsible for managing PPP session establishment and session termination. The vulnerability, tracked as CVE-2020-8597, is a flaw in the Extensible Authentication Protocol (EAP) […]

Read More →

Microsoft rightly predicted that systems vulnerable to CVE-2020-0688, could be an attractive target for attackers and that this vulnerability could soon be included in upcoming attacks. Standing true to that, attackers have now started scanning the Internet for Microsoft Exchange Servers vulnerable to a Remote Code Execution flaw(CVE-2020-0688). This vulnerability received a patch during the […]

Read More →

Microsoft has released February Patch Tuesday security updates, addressing total 101 vulnerabilities in the family of Windows operating systems and related products. Out of these, 13 are classified as Critical and 88 as Important which includes Office Services and Web Apps, Internet Explorer, Edge, Microsoft Exchange Server, Malicious Software Removal Tool, and Surface Hub. The […]

Read More →

Researchers have discovered a critical remote code execution bug in OpenSMTPD email server. This flaw in OpenSMTPD, OpenBSD‘s mail server, is known to be exploitable since May 2018.  The vulnerability, tracked as CVE-2020-7247, is exploitable both locally and remotely. OpenSMTPD is a Unix daemon which implements the Simple Mail Transfer Protocol to deliver messages on […]

Read More →