Microsoft
Vulnerabilities and patches across Windows, Exchange Server, Outlook, Active Directory, and Azure — including Patch Tuesday triage and zero-days under active exploitation.
Microsoft Outlook MonikerLink Remote Code Execution
A vulnerability in how Microsoft Outlook processes specially crafted hyperlinks (the "MonikerLink" flaw) allows an attacker to bypass Outlook's Protected View and trigger remote code execution simply by having a user click a malicious link in an email.
Follina — Microsoft Windows Support Diagnostic Tool Remote Code Execution
A remote-code-execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) allows an attacker to execute arbitrary code when a malicious Office document is opened — triggered via a remote template reference that invokes MSDT through the ms-msdt URI scheme, without requiring macros.
MSHTML Remote Code Execution via Malicious Office Document
A remote-code-execution vulnerability in the MSHTML (Trident) browser engine component used by Microsoft Office allows an attacker to execute arbitrary code when a victim opens a specially crafted Office document — exploited in the wild as a zero-day before Microsoft's patch shipped.
PrintNightmare — Windows Print Spooler Remote Code Execution
A remote-code-execution vulnerability in the Windows Print Spooler service allows an authenticated attacker to run arbitrary code with SYSTEM privileges, or a domain-authenticated attacker to compromise a domain controller, by abusing the spooler's remote printer-driver installation functionality.
ProxyLogon — Microsoft Exchange Server Server-Side Request Forgery
A server-side request forgery vulnerability in Microsoft Exchange Server allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange server. Chained with three additional Exchange vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), it delivers full pre-authentication remote code execution — the "ProxyLogon" chain exploited at mass scale in early 2021.

Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely
CVE-2022-30190 let a Word document trigger arbitrary code execution through the Windows Support Diagnostic Tool — no macros, and in some configurations no explicit click required beyond opening the file.

The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution
CVE-2021-40444 let attackers execute arbitrary code through a malicious Office document with no macros required — exploited in the wild before Microsoft's patch existed.

ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order
CVE-2021-26855 and three chained Exchange Server bugs gave attackers unauthenticated remote code execution — and led to a compromise event so widespread the FBI obtained a court order to remove webshells itself.

PrintNightmare: How a Leaked Proof-of-Concept Forced an Emergency Windows Patch
CVE-2021-34527 let attackers turn the Windows Print Spooler service — running by default on nearly every Windows machine — into a path to SYSTEM privileges or full domain compromise.

The Outlook 'MonikerLink' Bug: One Click, Protected View Bypassed
CVE-2024-21413 let attackers bypass Outlook's Protected View sandbox with a single specially crafted hyperlink, leading to code execution and potential credential leakage. Patched in February 2024's Patch Tuesday.