Neowin News Feed for: Rce

Windows 11, Microsoft Edge, and Exchange hacked at Pwn2Own

Usama Jawad — Fri, 15 May 2026 18:38:01 +0000

Microsoft products and AI apps fell to multiple 0-days at Pwn2Own 2026 as researchers claimed huge cash prizes. Read more...

Exchange Server has a "critical" security bug, but Microsoft does not have a proper fix yet

Usama Jawad — Fri, 15 May 2026 07:44:02 +0000

Microsoft warns of a critical Exchange Server flaw that could let attackers hijack browsers through emails, with full fixes locked behind paid support for some. Read more...

KB5084597: Microsoft outs Windows 11 25H2, 24H2 emergency update for a critical network flaw

Sayan Sen — Sat, 14 Mar 2026 06:40:01 +0000

Microsoft has released an emegency hotpatch update against a critical network security vulnerability under KB5084597 for Windows 11 25H2 and 24H2. Read more...

Microsoft patches Notepad flaw that could let attackers hijack Windows PCs

Ivan Jenic — Wed, 11 Feb 2026 11:08:02 +0000

Microsoft just patched a serious vulnerability in Notepad for Windows that could allow hackers to take control of victims' computers. Read more...

Microsoft is securing a Windows Server component, IT admins warned about new configuration

Usama Jawad — Wed, 14 Jan 2026 16:04:01 +0000

IT admins have been told to follow guidance related to deployments handled via the Windows Deployment Services (WDS). There are only a few months left before a Windows Server feature is disabled. Read more...

Microsoft shares Windows Server KB5070881 KB5070879 KB5070884 OOB updates for CVE-2025-59287

Sayan Sen — Fri, 24 Oct 2025 04:16:01 +0000

Microsoft has published emergency OOB updates under KB5070881, KB5070879, KB5070884, for, CVE-2025-59287, a remote code execution flaw. Read more...

Microsoft Mesh also impacted by Unity issue, patches rolling out for all games too

Usama Jawad — Mon, 06 Oct 2025 17:28:01 +0000

Microsoft has published a dedicated advisory for the recent Unity RCE vulnerability, indicating that Mesh applications and dozens of games are impacted. Read more...

Unity discloses severe RCE vulnerability, urges developers to apply patches

Usama Jawad — Sat, 04 Oct 2025 06:32:02 +0000

Unity has disclosed a particularly severe vulnerability affecting all games going back to 2017. Malicious actors can utilize this security issue to gain access to data on your machine. Read more...

Microsoft will now pay you up to $40,000 for reporting vulnerabilities in .NET

Usama Jawad — Thu, 31 Jul 2025 19:12:01 +0000

Microsoft will now award anyone up to $40,000 if they privately disclose a high-severity security issue in .NET and ASP.NET Core, along with complete documentation. Read more...

U.S. nuclear weapons department compromised in SharePoint attack

Usama Jawad — Wed, 23 Jul 2025 11:30:02 +0000

The U.S. Energy Department, responsible for producing and disassembling nuclear weapons, was impacted in the latest attacks on Microsoft SharePoint. Read more...

Rsync package in Ubuntu distros updated to fix remote code execution bugs, download now

Paul Hill — Wed, 15 Jan 2025 10:26:01 +0000

Canonical has pushed a patch for rsync after researchers uncovered serious vulnerabilities that enable remote code execution attacks. Read more...

Popular Asus routers found "critically" vulnerable to hacker attacks, firmware patch coming

Sayan Sen — Wed, 06 Sep 2023 08:52:01 +0000

Some of Asus' popular mid-range and high-end routers have been found to be vulnerable to remote code execution and code injection attacks. Check the full list of routers and the firmware patches here. Read more...

Microsoft Office, Excel, Word, Outlook 2013/2016 were vulnerable to Spoofing, Code Execution

Sayan Sen — Thu, 10 Aug 2023 08:16:01 +0000

Microsoft released Windows security updates for Windows 11 as well as 10 this week via Patch Tuesday. It also rolled out security fixes for Office 2013/2016 that resolve RCE and Spoofing flaws. Read more...

Rust-based malware used to hack both Windows and Linux servers

Sayan Sen — Fri, 21 Jul 2023 22:18:01 +0000

A Redis server malware, that has been built on Rust, is infecting servers based on both Windows as well as Linux. Dubbed the "P2PInfect", this worm is able to exploit the Lua vulnerability. Read more...

faulTPM: AMD fTPM flaw that bypasses BitLocker even on modern Windows 11-supported Ryzens

Sayan Sen — Thu, 04 May 2023 05:34:01 +0000

An AMD fTPM side channel security flaw dubbed "faulTPM" has been discovered by researchers. This security bug can even bypass BitLocker and it affects modern Windows 11-supported Ryzen chips. Read more...

Microsoft issues advisory about two 0-day vulnerabilities in Exchange Server, no fix yet

Usama Jawad — Fri, 30 Sep 2022 13:42:01 +0000

Microsoft has issued an advisory about two 0-day vulnerabilities affecting on-premises installations of Exchange Server. Unfortunately, no fix is available yet but there are a couple of mitigations. Read more...

QNAP issues patch for an RCE security vulnerability affecting PHP in NAS Drive management

Alap Naik Desai — Wed, 22 Jun 2022 21:56:01 +0000

QNAP has issued a patch of a security vulnerability that could affect certain configurations of its NAS Drives. The flaw resides in PHP that deals with FPM. It can allow remote code execution. Read more...

June Patch Tuesday: Microsoft fixes Follina vulnerability but not DogWalk

Usama Jawad — Wed, 15 Jun 2022 09:16:02 +0000

Microsoft's latest Patch Tuesday updates - released yesterday - fix a lot of recently publicized security issues like Follina, however, DogWalk remains unpatched as Microsoft continues to downplay it. Read more...

Atlassian: There is a critical RCE flaw in Confluence, block internet access ASAP [Update]

Usama Jawad — Fri, 03 Jun 2022 08:58:01 +0000

Some IT admins may be in for a scare this weekend as Atlassian has warned of a critical RCE flaw affecting all Confluence Server and Data Center versions. Internet access should be restricted ASAP. Read more...

Microsoft issues warning about RCE exploit in its Windows diagnostic tool

Usama Jawad — Tue, 31 May 2022 07:14:01 +0000

Microsoft has issued a warning about a remote code execution flaw in its Microsoft Support Diagnostic Tool (MSDT). Virtually all supported versions of Windows and Windows Server are affected. Read more...

Android devices with Security Patch older than Dec 2021 remain vulnerable to security risk

Alap Naik Desai — Thu, 21 Apr 2022 20:40:01 +0000

Nearly all Android smartphones and devices packing MediaTek or Qualcomm with a Security Patch dated prior to December 2021 remain vulnerable to an RCE security bug that can allow eavesdropping. Read more...

Google issues warning about state-sponsored hackers from North Korea exploiting Chrome

Usama Jawad — Thu, 24 Mar 2022 18:52:01 +0000

Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups. Read more...

AMD issues fix for Spectre v2 which confirms nearly every desktop CPU is still vulnerable

Alap Naik Desai — Sat, 12 Mar 2022 06:18:01 +0000

Intel and ARM are vulnerable to the Spectre-BHB flaw, but AMD is apparently troubled by Spectre v2, which it should have fixed back in 2018. AMD has now issued a new fix for the CVE-2017-5715 bug. Read more...

$400,000 payout for Microsoft Outlook zero-click RCE security flaw announced by Zerodium

Sayan Sen — Fri, 28 Jan 2022 14:22:01 +0000

Zerodium has increased the prize bounty for zero-click remote code executions (RCEs) on Microsoft Outlook up to $400,000. However, the firm has noted that the rise may only be temporary. Read more...

Your HP printer may need a firmware update to save it from a "Critical" buffer overflow bug

Sayan Sen — Tue, 30 Nov 2021 16:12:01 +0000

HP has issued a list of its printers that are vulnerable to a new "Critical" buffer overflow bug that can lead to exploitation. Fortunately, patched firmware for these models has also been released. Read more...

CISA: BadAlloc vulnerability can lead to remote code execution in BlackBerry products

Usama Jawad — Wed, 18 Aug 2021 09:02:02 +0000

Microsoft highlighted a collection of BadAlloc vulnerabilities earlier this year. Federal U.S. cybersecurity agency CISA has now issued an advisory as the problem affects tons of BlackBerry products. Read more...

Microsoft issues advisory about new SolarWinds cyberattack

Usama Jawad — Wed, 14 Jul 2021 12:54:01 +0000

Microsoft has issued an advisory about a cyberattack from a Chinese group targeting SolarWinds' products. A hotfix has been released but organizations are still advised to review guidance. Read more...

Microsoft: Our PrintNightmare patch is effective, you're just using Windows wrong

Usama Jawad — Fri, 09 Jul 2021 04:56:01 +0000

Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations. Read more...

Microsoft provides further mitigations for PrintNightmare exploit, awards it "high" severity

Usama Jawad — Sun, 04 Jul 2021 05:12:01 +0000

Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity. Read more...

Microsoft is investigating a critical Windows Print Spooler exploit called PrintNightmare

Usama Jawad — Fri, 02 Jul 2021 05:48:01 +0000

An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution. Read more...

A critical Adobe Flash Player zero-day vulnerability is out in the wild... again

Usama Jawad — Sat, 03 Feb 2018 06:36:01 +0000

A critical zero-day vulnerability has been discovered in Adobe Flash Player, which allows Remote Code Execution using a Microsoft Excel document, potentially making you lose control of your system. Read more...

Microsoft finds an exploit in Google Chrome, emphasizes Edge's security

Gurkaran Singh — Thu, 19 Oct 2017 12:08:01 +0000

Tit for tat? Google has revealed multiple Windows exploits over the years & has even criticized Microsoft for being slow to patch it. Now, Microsoft is returning the favor by finding a bug in Chrome. Read more...

Microsoft vows to strengthen the security of Edge's sandbox

Usama Jawad — Sat, 25 Mar 2017 10:14:01 +0000

Microsoft has detailed the several layers of security in its Edge browser that reduce the chances of malicious exploits by attackers, stating that it will continue to strengthen the Edge sandbox. Read more...