Microsoft is looking into a report of a zero day in Internet Explorer that a group of Korean researchers say used to target them.
The SolarWinds attackers had access to some Microsoft source code repositories, but did not have the ability to change them, the company said.
A flaw in Microsoft Teams allowed remote code execution by sending one message to a victim.
A windows kernel bug (CVE-2020-17087) is being used in active targeted attacks alongside a recently fixed Chrome bug.
The Zerologon (CVE-2020-1472) vulnerability is continuing to draw attention from attackers and Microsoft is urging enterprises to patch immediately.