CYBERSECURITY BLOGS

Introduction On the latest Patch Tuesday, Microsoft released 83 security fixes , one of which is the "CVE-2023-23397" vulnerability that affects all versions of the Outlook desktop app on Windows systems. However, this vulnerability does not impact the Outlook web app (OWA) or Microsoft 365 since they do not support NTLM authentication. The attacker can obtain the user's credentials and escalate privileges with these NTLM hashes by leveraging this escalation of privilege iss

Unpacking CVE-2022-30190: An In-Depth Analysis of MS Office Follina RCE and it's mitigation

Why did the hacker cross the road? To get to the other network. Introduction On September 9, 2022, Microsoft received a report from Andrea Pierini and Antonio Cocomazzi about Windows's local privilege escalation (LPE) vulnerability. This vulnerability could enable an attacker with limited privileges on a host to gain SYSTEM privileges and read/write any file on the system. Microsoft addressed the LocalPotato vulnerability in the January 2023 patch Tuesday, and a PoC was publi