Exploit code is now available for CVE-2021-1675 allowing for Remote Code Execution. This vulnerability allows an unauthenticated bad actor to execute code as SYSTEM on vulnerable systems. Microsoft has released an advisory and patches are available here. There are reports that the patches alone are not sufficient at this time so you may want to … Read More “PrintNightmare – REMOTE CODE EXECUTION in Windows Spooler Service CVE-2021-1675” »
Tag: vulnerability
At this time there are now multiple exploits available for CVE-2020-0688 which allows for Remote Code Execution on servers running a vulnerable version of Microsoft Exchange. This code is executed as SYSTEM and the CVSS score for this vulnerability is 9.0 HIGH. Authentication is required, however, due to Outlook Web Access this could be easy … Read More “Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE” »
A security vulnerability was revealed earlier this week in the Nvidia GeForce Experience. If you are not familiar this is Nvidia’s preferred, (meaning default), method of delivering drivers to their video cards. Most gamers using Nvidia cards likely have this application installed to keep their drivers updated. It also includes the ability to take screenshots … Read More “NVIDIA GEFORCE EXPERIENCE OS COMMAND INJECTION” »