#microsoft

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.

Username and password combinations offered for sale on the Dark Web by criminals has increased 65% since 2020.

Patch Tuesday for June 2022 brought a fix for Follina and many other security vulnerabilities. Time to figure out what needs to be prioritized. The post Update now!  Microsoft patches Follina, and many other security updates appeared first on Malwarebytes Labs.

Microsoft is ready to phase out Internet Explorer and will start the procedure today. Are you ready as well? And will it solve a lot of security issues? The post It’s official, today you can say goodbye to Internet Explorer. Or can you? appeared first on Malwarebytes Labs.

Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that's seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are 55 other flaws, three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately, five other shortcomings were resolved in the Microsoft Edge browser. <!-

By Deeba Ahmed A Chinese-speaking, technically skilled threat actor distributes backdoored applications to extract cash from victims in the newly discovered… This is a post from HackRead.com Read the original post: Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

### Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0) where a nuget.org api key could leak due to an incorrect comparison with a server url. ### Affected software #### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.2.0 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.0.1 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 5.11.1 version or earlier. - Any NuG...

Here are which Microsoft patches to prioritize among the June Patch Tuesday batch.