Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

Credit to Author: Katie McCafferty| Date: Tue, 26 Apr 2022 16:00:00 +0000

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.

The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog.

Read more

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

Credit to Author: Paul Oliveria| Date: Tue, 05 Apr 2022 01:11:24 +0000

Microsoft provides guidance for customers looking for protections against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell.

The post SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 appeared first on Microsoft Security Blog.

Read more