Microsoft SPNEGO NEGOEX Vulnerability
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX (CVE-2022-37958) to a designation of “Critical” (maximum severity for their products): CVSS score 8.1. The CVE had previously been given a designation of “Important”: CVSS score of 7.5, but recent analysis of the patch identified that the vulnerability allowed remote code execution in a similar manner to […]
Spring4Shell Vulnerability
Executive Summary: A new zero-day vulnerability in the Spring Core Java framework dubbed ‘Spring4Shell’ has been publicly disclosed, allowing unauthenticated remote-code execution on applications. Spring by VMware is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as […]
FORCEDENTRY ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Citizen Lab has discovered a zero-day zero click exploit against Apple’s iMessage. The exploit tracked as ForcedEntry, CVE-2021-30860 was identified by Citizen Lab and immediately reported to Apple who released a fix to patch all OS, iOS and watchOS devices. Citizen Lab claims that a Saudi activist was infected with the […]
MICROSOFT MSHTML ZERO-DAY VULNERABILITY
Priority: Critical Executive Summary: Microsoft has reported a zero-day vulnerability in MSHTML affecting Microsoft Windows, targeting users to download a malicious Microsoft Office document. A proof-of-concept has been released to the public with Microsoft advising administrators to enforce a workaround until an official Microsoft patch is released. This is being tracked as CVE-2021-40444. The vulnerability […]