Zerologon is the name that has been given to a vulnerability identified in CVE-2020-1472. Due to the flaw in the logon process, it is called zerologon, where the initialization vector (IV) is set to all zeros all the time, while a random number should still be an initialization vector (IV). Continue Reading
Both security scientists and U.S. government establishments are exhorting admins to deal with Microsoft’s serious privilege escalation vulnerability. Proof-of-concept (PoC) exploit code, released for a Windows vulnerability, could let hackers to penetrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). Called “Zerologon”, the Continue Reading
On Tuesday, tech giant Microsoft issued a fresh batch of security updates to patch as many as 129 new security flaws impacting different versions of its Windows operating systems and relevant software. Unlike the last few months, none of the security flaws the Microsoft fixed in September are registered as Continue Reading
Researchers have highlighted that the actively exploited Windows deceiving flaw fixed by Microsoft last week has existed for more than two years. The tech giant’s August 2020 Patch Tuesday updates dealt with 120 flaws, including an Internet Explorer zero-day that has been chained with a Windows vulnerability in attacks connected Continue Reading
In August, Microsoft has patched 120 flaws across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework. Tracked as CVE-2020-1464, the Windows spoofing flaw is linked to Windows erroneously authenticating file signatures. A hacker can exploit this vulnerability to sidestep security features and load Continue Reading
By