SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Mozilla Security Update December 2021

CVE Research

Mozilla has finally released its December 2021 security update for its browsers Firefox and Firefox ESR and its mail client Thunderbird. There are 13 vulnerabilities in Firefox, ten vulnerabilities in Firefox ESR, and 11 vulnerabilities in Thunderbird that have been found and fixed by using their vul...

Dec 08, 2021 • 2 min read

Mozilla Fixes Critical Vulnerability In Cryptographic Libraries

CVE Research

Mozilla has recently fixed a critical memory corruption vulnerability using their vulnerability manager. The flaw affected its cross-platform Network Security Services (NSS) set of cryptographic libraries. Companies like AOL, Red Hat, and Google, as well as other organizations, use Network Securit...

Dec 02, 2021 • 3 min read

Why Addressing Vulnerabilities Is A Challenging Process For An IT Security Team

CVE Research

As IT infrastructure and business data become more complex, security concerns in businesses increase drastically. According to the National Vulnerabilities Database, the number of Common Vulnerabilities and Exploit in a network has tripled since 2016. As a result, cybercriminals are taking ...

Nov 29, 2021 • 6 min read

New Windows Installer Zero-Day Flaw exploited in the Wild

CVE Research

Microsoft recently patched a Windows Installer Elevation of Privilege vulnerability tracked as CVE-2021-41379 in its November Patch Tuesday. The security researcher Abdelhamid Naceri discovered and reported this vulnerability. Surprisingly, he also recently found that the fix releas...

Nov 25, 2021 • 3 min read

Are you Remediating High Risk and Critical Vulnerabilities First?

CVE Research

Organizations have been relying on CVSS scores to triage the vulnerabilities in their environment. These scores are a good place to start, but they cannot be the only factor used to assess severity. CVSS scores are assigned at the time of discovery of the vulnerability. However, they do not account for the changi...

Nov 18, 2021 • 3 min read

An Information Security Admin’s Nightmare

CVE Research

‘To patch or not to patch’ is the perplexing dilemma that every security admin goes through almost every day. Applying security patches is a fundamental part of increasing an organization’s resilience against malware and ransomware attacks carried out by hackers. To a non-security professiona...

Nov 17, 2021 • 6 min read

Intel Addresses 3 High Severity Vulnerabilities in BIOS of Several Processors

CVE Research

Intel has recently published a short advisory with details of 3 high-severity CVEs. They are CVE-2021-0157, CVE-2021-0158, and CVE-2021-0146. The first two are related to BIOS firmware-based vulnerabilities. Once the attacker accesses the BIOS firmware settings, they can exploit the weaknes...

Nov 15, 2021 • 3 min read

Microsoft Released Emergency Out-Of-Band Updates To Fix Windows Server Authentication Issues

CVE Research

After the November Patch Tuesday, Microsoft released an emergency out-of-band update to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC). These authentication issues impact systems that are running Windows Server 2019 and lower versions...

Nov 15, 2021 • 2 min read

Microsoft November 2021 Patch Tuesday Addresses 55 Vulnerabilities Including 6 zero-days

CVE Research

Microsoft has released its November 2021 Patch Tuesday security updates with a total of 55 vulnerabilities, including six zero-days rated as critical, while 49 vulnerabilities are rated important. The products covered in November’s security update include Microsoft Exchange, Excel, 3D Viewer, Azure, Mic...

Nov 09, 2021 • 3 min read