>_ 0dayNews
Vendor

Microsoft

Vulnerabilities and patches across Windows, Exchange Server, Outlook, Active Directory, and Azure — including Patch Tuesday triage and zero-days under active exploitation.

CVEs
CVE-2024-21413
[ CRITICAL ] CVSS 9.8 patched

Microsoft Outlook MonikerLink Remote Code Execution

A vulnerability in how Microsoft Outlook processes specially crafted hyperlinks (the "MonikerLink" flaw) allows an attacker to bypass Outlook's Protected View and trigger remote code execution simply by having a user click a malicious link in an email.

Microsoft / Outlook (Microsoft 365 Apps, Office 2016–2021)
CVE-2022-30190
[ HIGH ] CVSS 7.8 kev

Follina — Microsoft Windows Support Diagnostic Tool Remote Code Execution

A remote-code-execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) allows an attacker to execute arbitrary code when a malicious Office document is opened — triggered via a remote template reference that invokes MSDT through the ms-msdt URI scheme, without requiring macros.

Microsoft / Windows Support Diagnostic Tool (MSDT)
CVE-2021-40444
[ HIGH ] CVSS 8.8 kev

MSHTML Remote Code Execution via Malicious Office Document

A remote-code-execution vulnerability in the MSHTML (Trident) browser engine component used by Microsoft Office allows an attacker to execute arbitrary code when a victim opens a specially crafted Office document — exploited in the wild as a zero-day before Microsoft's patch shipped.

Microsoft / Windows MSHTML
CVE-2021-34527
[ HIGH ] CVSS 8.8 kev

PrintNightmare — Windows Print Spooler Remote Code Execution

A remote-code-execution vulnerability in the Windows Print Spooler service allows an authenticated attacker to run arbitrary code with SYSTEM privileges, or a domain-authenticated attacker to compromise a domain controller, by abusing the spooler's remote printer-driver installation functionality.

Microsoft / Windows Print Spooler
CVE-2021-26855
[ CRITICAL ] CVSS 9.8 kev

ProxyLogon — Microsoft Exchange Server Server-Side Request Forgery

A server-side request forgery vulnerability in Microsoft Exchange Server allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange server. Chained with three additional Exchange vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) it delivers full pre-authentication remote code execution — the "ProxyLogon" chain exploited at mass scale in early 2021.

Microsoft / Exchange Server
Articles
~/articles/2026-07-02-follina-msdt-zero-day-explained
Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely
Explainer
microsoft

CVE-2022-30190 let a Word document trigger arbitrary code execution through the Windows Support Diagnostic Tool — no macros, and in some configurations no explicit click required beyond opening the file.

~/articles/2026-07-01-mshtml-office-zero-day-cve-2021-40444
The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution
Explainer
microsoft

CVE-2021-40444 let attackers execute arbitrary code through a malicious Office document with no macros required — exploited in the wild before Microsoft's patch existed.

~/articles/2026-07-01-proxylogon-exchange-server-attack-chain
ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order
Analysis
microsoft

CVE-2021-26855 and three chained Exchange Server bugs gave attackers unauthenticated remote code execution — and led to a compromise event so widespread the FBI obtained a court order to remove webshells itself.

~/articles/2026-06-30-printnightmare-windows-print-spooler-explained
PrintNightmare: How a Leaked Proof-of-Concept Forced an Emergency Windows Patch
Explainer
microsoft

CVE-2021-34527 let attackers turn the Windows Print Spooler service — running by default on nearly every Windows machine — into a path to SYSTEM privileges or full domain compromise.

~/articles/2026-06-28-outlook-monikerlink-rce-patch-tuesday-explainer
The Outlook 'MonikerLink' Bug: One Click, Protected View Bypassed
Explainer
microsoft

CVE-2024-21413 let attackers bypass Outlook's Protected View sandbox with a single specially crafted hyperlink, leading to code execution and potential credential leakage. Patched in February 2024's Patch Tuesday.
