Patch Tuesday

Happy Patch Tuesday: Have some critical SAP vulnerabilities affecting pretty much every internet-facing product whilst you're at it...

Although May Patch Tuesday she be but little, she is fierce: Microsoft has pushed out a modest 38 new security fixes for its monthly fix cycle , but don’t get caught napping: They include fixes for a pre-authentication remote code execution (RCE) vulnerability in Outlook, CVE-2023-29325, that requires no user

Microsoft has urged users to patch a zero day in the Windows Common Log File System (CLFS) that allows elevation by a local attacker to SYSTEM privileges and which is being exploited in the wild. CVE-2023-28252 was reported by a member of China’s DBAPPSecurity WeBin Lab and as that

Get domain admin by... just emailing the domain admin?

February’s Patch Tuesday brings the post-Valentine’s Day hangover of 75 bug fixes from Microsoft including three for CVEs known to be exploited in the wild: CVE-2023-21715,   CVE-2023-23376 , and CVE-2023-21823. Strikingly, more than half of the bugs fixed this month are remote code execution (RCE) vulnerabilities. (A record 26,

It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are critical, one CVE-2023-21674  is being actively exploited and another gives unauthenticated remote access to your SharePoint Server – and requires not just the patch but a “SharePoint upgrade action”

Critical Citrix, VMware, Microsoft vulnerabilities all need patching

Six MSFT vulns being actively exploited. Get patchin'

A critical vulnerability in an Azure tool that lets users manage Kubernetes clusters can be exploited remotely without authentication to gain administrative control over Kubernetes clusters, as well as Azure edge devices. The vulnerability, allocated a maximum possible CVSS (severity rating) score of 10 has been allocated CVE-2022-37968. It is