Posts tagged Microsoft

18 min Zero-Day

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM.

5 min Windows

Are You Still Running End-of-Life Windows Servers?

Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020, but what does that mean in practice?

5 min Research

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date.

7 min Microsoft

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.

2 min Vulnerability Management

Active Exploitation of Unpatched Windows Font Parsing Vulnerability

Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).

3 min Risk Management

CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis

Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.

2 min Vulnerability Management

August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know

A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.

8 min Windows

PowerShell: How to Defend Against Malicious PowerShell Attacks

By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.

4 min Microsoft

Petya-like Ransomware Explained

TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to both gain entry to target networks and to spread laterally. Several research teams are reporting that once victims' disks are encrypted, they cannot be decrypted [http://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware

4 min Microsoft

Announcing Microsoft Azure Asset Discovery in InsightVM

Almost every security or IT practitioner is familiar with the ascent and continued dominance [http://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share [http://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud] and establishing its position as the most-used, most-likely-to-renew [http://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-

2 min Microsoft

Patch Tuesday - June 2017

This month sees another spate of critical fixes [http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99] from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these are already known to be exploited in the wild ( CVE-2017-8543 [http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543] and CVE-2017-8464 [http://portal.msrc.microsoft.com/en-US/security-guidance/advis

2 min Microsoft

Patch Tuesday - May 2017

It's a relatively light month as far as Patch Tuesdays go, with Microsoft issuing fixes for a total of seven vulnerabilities as part of their standard update program. However, an eighth, highly critical vulnerability (CVE-2017-0290 [http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290] ) that had some of the security community buzzing over the weekend was also addressed [http://technet.microsoft.com/en-us/library/security/4022344] late Monday evening. A flaw in the

5 min Microsoft

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM [http://cwrvyk.zq-shop.net/products/insightvm/] was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed

1 min Microsoft

Patch Tuesday - April 2017

This month's updates deliver vital client-side fixes, resolving publicly disclosed remote code execution (RCE) vulnerabilities for Internet Explorer and Microsoft Office that attackers are already exploiting in the wild. In particular, they've patched the CVE-2017-0199 [http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199] zero-day flaw in Office and WordPad, which could allow an attacker to run arbitrary code on a victim's system if they are able to successfully soc

1 min Microsoft

Cisco Enable / Privileged Exec Support

In Nexpose [http://cwrvyk.zq-shop.net/products/nexpose/] version 6.4.28, we are adding support for privileged elevation on Cisco devices through enable command for those that are running SSH version 2. A fully privileged policy scan provides more accurate information on the target's compliance status, and the ability to do so through enable password, while keeping the actual user privilege low, adds an additional layer of security for your devices. This allows our users to run fully privileged po