Patch Tuesday
Patch Tuesday brings a Hyper-V vulnerability exploited in the wild, trio of CVSS 9.8 bugs in RDS
Admins face prioritising 143 patches including two known-exploited.
Patch Tuesday
Monster Patch Tuesday sets new record: RCE bugs galore
God speed to those pushing fixes.
Patch Tuesday
February’s Patch Tuesday brings exploited zero days, Exchange Server headaches
As a major Exchange Service update lands, Redmond admits "it is possible that some functionality may break after installing CU14..."
Patch Tuesday
Patch Tuesday brings lots of chaff, a little buggy wheat too. Some CVE highlights to review.
One vulnerability bears a striking resemblance to an 0day that was actively exploited in the wild in November 2023.
Patch Tuesday
A December Patch Tuesday recap: Azure Logic Apps, Power Platform get critical fix
A CVSS 9,8 bug that lets attackers spoof legitimate connectors between Microsoft/Azure services is the pick of the bunch...
Patch Tuesday
Three Windows zero days are under attack: Patch up.
"Loaded by default on just about every version of Windows, so it provides a broad attack surface"
News
Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix
A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.
Patch Tuesday
Patch Tuesday puts the cherry on a cake of zero days
From SAP, an "update that only became necessary because the Security Note was accidentally previously deleted" and from Microsoft, some strange assessments.
News
August Patch Tuesday brings 86 fixes from Microsoft
Microsoft patched 86 security flaws including multiple Critical vulnerabilities in Windows and Teams as part of this month's Patch Tuesday update
Patch Tuesday
This Microsoft zero day is under active attack and there’s no patch
Happy Patch Tuesday: Have some critical SAP vulnerabilities affecting pretty much every internet-facing product whilst you're at it...
Cybersecurity
¡OLÈ! Microsoft patches pre-auth RCE, zero day, warns on BlackLotus bootkit
Although May Patch Tuesday she be but little, she is fierce: Microsoft has pushed out a modest 38 new security fixes for its monthly fix cycle , but don’t get caught napping: They include fixes for a pre-authentication remote code execution (RCE) vulnerability in Outlook, CVE-2023-29325, that requires no user
Cybersecurity
Patch Tuesday brings a zero day fix and a patch for a... 2013 bug?
Microsoft has urged users to patch a zero day in the Windows Common Log File System (CLFS) that allows elevation by a local attacker to SYSTEM privileges and which is being exploited in the wild. CVE-2023-28252 was reported by a member of China’s DBAPPSecurity WeBin Lab and as that