Collaborate Disseminate
We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch Tuesday … Continue reading March 2024 Patch Tuesday forecast: A popular framework updated
January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new year. January’s release was a bit un… Continue reading February 2024 Patch Tuesday forecast: Zero days are back and a new server too
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In D… Continue reading EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10, and 61 in Server 2012 R2. While Ser… Continue reading November 2023 Patch Tuesday forecast: Year 21 begins
F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code executio… Continue reading F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been revea… Continue reading Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of … Continue reading Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.
The post Intel Addresses 80 Firmware, Software Vulnerabilities appeared first on SecurityWeek.
Continue reading Intel Addresses 80 Firmware, Software Vulnerabilities
Patch Tuesday: A month after confirming active exploitation of Office code execution flaws, Microsoft has shipped patches for multiple affected products.
The post Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days appeared first on S… Continue reading Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days