In-The-Wild & Disclosed CVEs
Up first in the list this month, we have a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. We see patches for Microsoft Visual Studio 2019 for Windows and macOS as well as .NET 5.0 and .NET Core 3.1. Microsoft indicates that while this has been publicly disclosed, it has not been exploited in the wild. There are additional details regarding this vulnerability available on the dotnet github page.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
Once again, we have a Microsoft Exchange Server vulnerability in the patch round-up. This time, it is a security feature bypass and is one of the Exchange vulnerabilities that was found during PWN2OWN 2021.
minute read
Share this article:
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.
A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways (SEGs). In a post on Tuesday, the firm said that this is an example of why it’s not always prudent to share documents via Microsoft’s hugely popular, widely used SharePoint collaboration platform.
The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature. The campaign cropped up in a spot that’s supposed to be protected by Microsoft’s own SEG. This isn’t the first time that we’ve seen the SEG sanctuary get polluted:: In December, spearphishers spoofed Microsoft.com itself to target 200 million Office 365 users, successfully slipping