Vulnerabilities and exploits
Microsoft security researchers monitor the threat landscape and collaborate with customers, partners, and industry experts to discover new vulnerabilities and exploits. Explore our latest findings and how they inform faster, more effective defenses.
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them.
Vulnerabilities in PanelView Plus devices could lead to remote code execution
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial of service (DoS).

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts.

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions.

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Four new unauthenticated, remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft.

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability
Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the JetBrains TeamCity CVE-2023-42793 remote code execution vulnerability.

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Microsoft security researchers recently identified an attack in which attackers attempted to move laterally to a cloud environment through a SQL Server instance.

Uncursing the ncurses: Memory corruption vulnerabilities found in library
A set of memory corruption vulnerabilities in the ncurses library could have allowed attackers to chain the vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations
China-based actor Flax Typhoon is exploiting known vulnerabilities in public-facing servers, legitimate VPN software, and open-source malware to gain access to Taiwanese organizations, but is not taking further action.

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
Microsoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks such as remote code execution (RCE) and denial of service (DoS).

Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America.