Tag Archives: Microsoft Edge

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP. Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239127

As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there were only 3 vulnerabilities used in attacks or with a public exploit. And only one of them is more or less relevant.

Continue reading →

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

1 Reply

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE. Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays.

Alternative video link (for Russia): https://vk.com/video-149273431_456239126

As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews.

It’s been a long time since we’ve had such tiny Patch Tuesday. 57 CVEs, including CVEs appeared during the month. And only 38 without them! 😄

Continue reading →

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

1 Reply

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB. Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual.

Alternative video link (for Russia): https://vk.com/video-149273431_456239101

Continue reading →

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

1 Reply

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery. Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in theory, should be more or less neutral, does this… This is a clear signal. It’s not about business anymore.

Alternative video link (for Russia): https://vk.com/video-149273431_456239096

I’ll take a closer look at this report in the next episode of the Vulnerability Management news, but for now let’s take a look at Microsoft July Patch Tuesday. Yes, the vendor is behaving strangely, but Microsoft products need to be patched. Right? At least for now. And tracking vulnerabilities is always a good thing. 🙂

Continue reading →

Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data

1 Reply

Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data. Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics.

Alternative video link (for Russia): https://vk.com/video-149273431_456239088

CVSS redefinitions

A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this was the case with CVE-2022-1364 Type Confusion in V8 (Chromium). This vulnerability does not exist in NVD.

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: Microsoft Edge

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data

CVSS redefinitions