#microsoft

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

**How do I get the update for Outlook for IOS?** 1. Tap the Settings Icon 2. Tap the iTunes & App Store 3. Turn on AUTOMATIC DOWNLOADS for Apps **Alternatively** 1. Tap the App Store Icon 2. Scroll down to find Microsoft Outlook 3. Tap the Update button

**How could an attacker exploit the vulnerability?** An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files.

**How could an attacker exploit this vulnerability?** An attacker needs to edit the local configuration file to contain malicious code, then send the request to the server to exploit this vulnerability.

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

CISA has added CVE-2024-40766 to its Known Exploited Vulnerabilities catalog.

Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.

Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free! Introducing SaaS Pulse: Free Continuous SaaS Risk Management  Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly