Patch Tuesday
Cybersecurity
Microsoft
¡OLÈ! Microsoft patches pre-auth RCE, zero day, warns on BlackLotus bootkit
Although May Patch Tuesday she be but little, she is fierce: Microsoft has pushed out a modest 38 new security fixes for its monthly fix cycle , but don’t get caught napping: They include fixes for a pre-authentication remote code execution (RCE) vulnerability in Outlook, CVE-2023-29325, that requires no user...
Cybersecurity
Featured
Read This
Patch Tuesday brings a zero day fix and a patch for a... 2013 bug?
Microsoft has urged users to patch a zero day in the Windows Common Log File System (CLFS) that allows elevation by a local attacker to SYSTEM privileges and which is being exploited in the wild. CVE-2023-28252 was reported by a member of China’s DBAPPSecurity WeBin Lab and as that...
Cybersecurity
Microsoft’s Valentine’s Day gift: Patches for 3 CVEs being exploited
February’s Patch Tuesday brings the post-Valentine’s Day hangover of 75 bug fixes from Microsoft including three for CVEs known to be exploited in the wild: CVE-2023-21715, CVE-2023-23376 , and CVE-2023-21823. Strikingly, more than half of the bugs fixed this month are remote code execution (RCE) vulnerabilities. (A record 26,...
Cybersecurity
CVEs
patching
Gird your loins: Patch Tuesday’s back
It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are critical, one CVE-2023-21674 is being actively exploited and another gives unauthenticated remote access to your SharePoint Server – and requires not just the patch but a “SharePoint upgrade action”...
