Authentication Azure SMB 
Tenable
NOVEMBER 12, 2024
Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate. It was assigned a CVSSv3 score of 9.8
Tenable
MAY 13, 2025
An authenticated attacker can leverage this vulnerability to elevate their privileges to administrator by exploiting a user after free condition. Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important. It was assigned a CVSSv3 score of 7.8 and rated as Important.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tenable
NOVEMBER 15, 2024
Require phishing-resistant multi-factor authentication for all users and on all VPN connections. For example, the paper suggests 19 questions to ask about AI security systems, organized into seven sub-categories, including authentication and access control; data sanitization; encryption and key management; and security monitoring.
Tenable
SEPTEMBER 10, 2024
Active Directory Lightweight Directory Services Administrative Tools Internet Explorer 11 Internet Information ServicesWorld Wide Web Services LPD Print Service Microsoft Message Queue (MSMQ) Server Core MSMQ HTTP Support MultiPoint Connector SMB 1.0/CIFS Advanced Services ASP.NET 4.6 This vulnerability was assigned a CVSSv3 score of 7.3
Tenable
JUNE 9, 2020
The updates this month include patches for Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps and Adobe Flash Player. This flaw can be exploited on an authenticated server or against an SMB client.
Tenable
OCTOBER 8, 2024
The content in the CSIs underscores the importance of concepts such as least privilege, limiting attack surface area and centralizing logs for auditing purposes, as well as the use of tools like key management services (KMS), multi-factor authentication (MFA), and modern encryption protocols. 0 to remote server administration ports.
Tenable
AUGUST 9, 2022
Azure Batch Node Agent. Azure Real Time Operating System. Azure Site Recovery. Azure Sphere. All three vulnerabilities require authentication and user interaction to exploit — an attacker would need to entice a target to visit a specially crafted Exchange server, likely through phishing. Microsoft ATA Port Driver.
Expert insights. Personalized for you.
124 
Let's personalize your content