Tag

Responsible Disclosure

All articles tagged with #responsible disclosure

Microsoft Faces Backlash After Threatening Legal Action Over Windows Bugs
technology1 month ago

Microsoft Faces Backlash After Threatening Legal Action Over Windows Bugs

Microsoft drew sharp criticism from the cybersecurity community after threatening legal action against Nightmare Eclipse, a researcher who published six unpatched Windows zero-days outside the MSRC disclosure process, including a BlueHammer privilege-escalation proof-of-concept. Microsoft says coordinated disclosure protects customers, while researchers argue it stifles bug reporting; the dispute has led to the takedown of the researcher’s GitHub/GitLab pages and MSRC accounts, with promises of further disclosures and a broader debate over disclosure policies.

Multiple Zero-Day Flaws and Vulnerabilities Uncovered in Microsoft Exchange and SketchUp Support
cybersecurity2 years ago

Multiple Zero-Day Flaws and Vulnerabilities Uncovered in Microsoft Exchange and SketchUp Support

The Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely by authenticated attackers to execute arbitrary code or disclose sensitive information. Despite being notified by ZDI, Microsoft has not yet fixed the vulnerabilities. The flaws include deserialization issues and server-side request forgery vulnerabilities.

"Exim Mail Servers at Risk: Critical Vulnerabilities Expose Millions to Remote Attacks"
vulnerability-cyber-attack2 years ago

"Exim Mail Servers at Risk: Critical Vulnerabilities Expose Millions to Remote Attacks"

A high-severity security flaw, tracked as CVE-2023-37476, has been discovered in the OpenRefine data cleanup tool, allowing attackers to execute arbitrary code on affected systems. By tricking users into importing a malicious project file, the attacker gains the ability to execute code on the victim's machine. The vulnerability has been patched in version 3.7.4. This disclosure follows the surfacing of exploit code for patched flaws in Microsoft SharePoint Server and a high-severity bug in Apache NiFi, highlighting the severe impact of these vulnerabilities on system security and data integrity.