Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Intel's New Xeon Chip Pushes Confidential Computing to the Cloud

After a delay of more than a year, Intel's on-chip confidential computing feature is coming to all the major cloud providers, starting with Microsoft's Azure.

DARKReading
Open in Source
#mac#google#microsoft#intel#amd#alibaba#auth#ibm#sap#ssl
GHSA-8f7f-vqg5-jrv9: .NET Denial of Service Vulnerability

# Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends an invalid request to an exposed endpoint. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/runtime/issues/80449 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 6.0 application running on .NET 6.0.12 or earlier. If your application uses the following package versions, en...

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

Microsoft Patch Tuesday, January 2023 Edition

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

CVE-2023-21724

Microsoft DWM Core Library Elevation of Privilege Vulnerability.

CVE-2023-21736

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21737, CVE-2023-21738.

CVE-2023-21763

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21764.

CVE-2023-21764

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763.

CVE-2023-21761

Microsoft Exchange Server Information Disclosure Vulnerability.

CVE-2023-21762

Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21745.