Thursday, September 14, 2023

in-security: Microsoft Azure & Office


nOAuth Microsoft Azure AD Vulnerability | CrowdStrike

Adversaries Can “Log In with Microsoft” through the nOAuth Azure Active Directory Vulnerability

the repeated vulnerabilities in its identity infrastructure can make organizations susceptible to breaches. While Microsoft recently changed the name of Azure AD to Entra ID, the security concerns remain.

Microsoft Office Zero Day RCE

Why did the code go to therapy? Because it couldn't handle all the "stress"!

The vulnerability, unveiled by Microsoft on July 11, allows malicious actors to execute remote code on the victim's computer by crafting a specially designed Microsoft Office document. For the exploit to succeed, the unsuspecting victim must open the malicious file.



US senator blasts Microsoft for “negligent cybersecurity practices” | Ars Technica







No comments: