Collaborate Disseminate
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In D… Continue reading EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10, and 61 in Server 2012 R2. While Ser… Continue reading November 2023 Patch Tuesday forecast: Year 21 begins
F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code executio… Continue reading F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been revea… Continue reading Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of … Continue reading Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.
The post Intel Addresses 80 Firmware, Software Vulnerabilities appeared first on SecurityWeek.
Continue reading Intel Addresses 80 Firmware, Software Vulnerabilities
Patch Tuesday: A month after confirming active exploitation of Office code execution flaws, Microsoft has shipped patches for multiple affected products.
The post Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days appeared first on S… Continue reading Patch Tuesday: Microsoft (Finally) Patches Exploited Office Zero-Days
No zero-days this month, so you’re patching to stay ahead, not merely to catch up! Continue reading Firefox 115 is out, says farewell to older Windows and Mac users
Ultimate Member plugin lets rogue users choose their own site capabilities, including becoming admins.
Continue reading WordPress plugin lets users become admins – Patch early, patch often!