Remove Authentication Remove LAN Remove Windows
article thumbnail

Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)

Tenable

Important CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-21418 is an EoP vulnerability in the Ancillary Function Driver for WinSock for Microsoft Windows. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM level privileges.

Windows 70
article thumbnail

CVE-2020-1472: 'Zerologon' Vulnerability in Netlogon Could Allow Attackers to Hijack Windows Domain Controller

Tenable

Security researchers reveal how the cryptographic authentication scheme in Netlogon can be exploited to take control of a Windows domain controller (DC). An attacker can exploit this flaw to impersonate the identity of any machine on a network when attempting to authenticate to the Domain Controller (DC). Background.

Windows 118
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Tenable

Successful exploitation of this flaw would allow for the disclosure of New Technology LAN Manager (NTLM) hashes. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user. Each of these vulnerabilities were given CVSSv3 scores of 8.0

LAN 124
article thumbnail

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Tenable

Moderate CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. Since 2022, there have been five Windows SmartScreen vulnerabilities disclosed across Patch Tuesday. It was assigned a CVSSv3 score of 7.6 and is rated moderate.

LAN 129
article thumbnail

Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs

Tenable

and could be abused by an authenticated attacker to bypass server-side request forgery (SSRF) protections in order to leak potentially sensitive information. This vulnerability received a CVSSv3 score of 8.5 CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7.

IPv6 127
article thumbnail

Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)

Tenable

Successful exploitation could lead to the disclosure of New Technology LAN Manager (NTLM) hashes. Critical CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability CVE-2023-35349 is a RCE vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that was assigned a CVSSv3 score of 9.8

Windows 118
article thumbnail

Microsoft’s May 2022 Patch Tuesday Addresses 73 CVEs (CVE-2022-26925)

Tenable

Microsoft Windows ALPC. Role: Windows Fax Service. Role: Windows Hyper-V. Tablet Windows User Interface. Windows Active Directory. Windows Address Book. Windows Authentication Methods. Windows BitLocker. Windows Cluster Shared Volume (CSV). Windows Kerberos. Windows Kernel.

Windows 100