Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-34733: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Microsoft Security Response Center
Open in Source
#sql#vulnerability#web#microsoft#rce#auth#Windows OLE#Security Vulnerability
CVE-2022-34731: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2022-35840: Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2022-34726: Microsoft ODBC Driver Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.

Google Buys Cyber Security Firm Mandiant for $5.4 Billion

By Waqas Mandiant will be integrated into the Google Cloud unit. This is a post from HackRead.com Read the original post: Google Buys Cyber Security Firm Mandiant for $5.4 Billion

CVE-2022-36174: Freshservice Release Notes - April 2022 | Freshworks Community

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

6 patch management best practices for businesses

Categories: Business Patching is a thorn in the side of many businesses today: Everything from keeping up with the volume of patches to prioritizing what needs to be patched first can cause major delays in a business's patching process. In this post, we’ll give you six patch management best practices for businesses. (Read more...) The post 6 patch management best practices for businesses appeared first on Malwarebytes Labs.

Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats

Users must continually be made aware of new threats, including attacks targeting shipping, the supply chain, email, and hybrid workers.

Scammers Leveraging Microsoft Team GIFs in Phishing Attacks

By Deeba Ahmed Dubbed GIFShell; the technique allows attackers to create a reverse shell to facilitate malicious command delivery via base64-encoded GIFs in MS Teams. This is a post from HackRead.com Read the original post: Scammers Leveraging Microsoft Team GIFs in Phishing Attacks