Home

May 7, 2019

Multiple Vulnerabilities In Microsoft Server Infrastructure Allows Arbitrary Code Execution

authorarticle: Master3395
microoft-bug.jpg
video: 
youtube: 
sources: 
keywords: arbitrary code execution, bug, code execution, code execution flaw, code injection, code injection flaw, flaw, information disclosure, microsoft, Microsoft bug, Microsoft patch, microsoft vulnerability, vulnerabilities, vulnerability
Category: Microsoft
Posted by: Admin

Researchers have discovered numerous vulnerabilities in Microsoft server. These vulnerabilities, upon exploit, could threaten the integrity and confidentiality of the systems. Two of these vulnerabilities could even allow arbitrary code execution.

Researchers have discovered numerous vulnerabilities in Microsoft server. These vulnerabilities, upon exploit, could threaten the integrity and confidentiality of the systems. Two of these vulnerabilities could even allow arbitrary code execution.

Vulnerabilities In Microsoft Server Infrastructure
Recently, researchers at Swascan have found multiple security vulnerabilities affecting the Microsoft server infrastructure. These vulnerabilities could lead to varying results. They have allegedly discovered several flaws, two of which could result in arbitrary code execution.

As stated in their blog post, the Swascan team has spotted five different security flaws.

Swascan identified 5 vulnerabilities related to Microsoft’s server infrastructure. If exploited, these weaknesses could have easily impacted the system’s integrity, availability, and confidentiality.

These include two vulnerabilities with high severity, a single medium severity flaw, and two low severity bugs.

Although, they haven’t explicitly disclosed the actual vulnerabilities. They have hinted about the flaws via CWE (Common Weakness Enumeration) types. As deduced from the description, the vulnerabilities predominantly include code injection and improper restrictions of operations within the bounds of memory, and information disclosure flaws. The initial two flaws could lead to arbitrary code execution.

Microsoft Patched The Flaws
Upon discovering the security flaws, Swascan team approached the Microsoft team to alert them of the flaws in Microsoft’s IT infrastructure. Together, they both worked to resolve the issues. Nonetheless, neither Microsoft nor the researchers disclosed the details about the existence and the technicalities of the flaws.

Swascan appreciated the professional handling of this matter by Microsoft experts.

Microsoft’s focus on our findings, along with email exchanges and evaluations were among the most serious, professional and transparent collaborations.

The Swascan co-founder, Pierguido Iezzi, also emphasized the importance of close collaboration between security experts and vendors.

Let us know your thoughts about the article in the comments section below

authorarticle: Master3395
microoft-bug.jpg
video: 
youtube: 
sources: 
keywords: arbitrary code execution, bug, code execution, code execution flaw, code injection, code injection flaw, flaw, information disclosure, microsoft, Microsoft bug, Microsoft patch, microsoft vulnerability, vulnerabilities, vulnerability

Comments:

comments powered by Disqus

Return

Sponsored Ads:

Discord

Page 1 of 573  >  >>

What's in the latest Edge update? Rollbacks and new browser telemetry policies

Edge.jpg

Oct 20, 2020 | Category: Microsoft | Comments

Microsoft's Edge 86 includes a "rollback" function that lets IT admins restore an earlier version of the browser and gives the built-in PDF viewer support for document tables of content.

read more…

What the new iPhone 12 means for 5G

apple.jpg

Oct 19, 2020 | Category: Apple | Comments

By now, you’ve probably heard that Apple’s iPhone 12 lineup will have 5G capabilities. And you have also probably heard us discuss how 5G speeds are still only available in some parts of the country with some carriers. 

read more…

Microsoft ends support for Office 2010, bangs the Office 365

Office.jpg

Oct 18, 2020 | Category: Microsoft | Comments

Microsoft on Tuesday reminded customers that Office 2010 and Office 2016 for Mac have received their final security updates, as the suites have now dropped off the company's support list.

read more…

Page 1 of 573  >  >>