patch – Page 4 – WindowsTechs.com

Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

Posted on November 29, 2022 by Zeljka Zorz

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerabilit… Continue reading Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)→

Firefox fixes fullscreen fakery flaw – get the update now!

Posted on November 16, 2022 by Paul Ducklin

What’s so bad about a web page going fullscreen without warning you first? Continue reading Firefox fixes fullscreen fakery flaw – get the update now!→

Microsoft fixes many zero-days under attack

Posted on November 8, 2022 by Zeljka Zorz

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize CVE-2022-41… Continue reading Microsoft fixes many zero-days under attack→

Chrome and Edge fix zero-day security hole – update now!

Posted on September 5, 2022 by Paul Ducklin

This time, the crooks got there first – only 1 security hole patched, but it’s a zero-day. Continue reading Chrome and Edge fix zero-day security hole – update now!→

Firefox 104 is out – no critical bugs, but update anyway

Posted on August 26, 2022 by Paul Ducklin

Two trust-spoofing bugs were the main culprits this month – but neither one was a zero-day. Continue reading Firefox 104 is out – no critical bugs, but update anyway→

CISA or CVSS: How Today’s Vulnerability Databases Work Together

Posted on August 22, 2022 by Mark Stone

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and […]

The post CISA or CVSS: How Today’s Vulnerability Databases Work Together appeared first on Security Intelligence.

Continue reading CISA or CVSS: How Today’s Vulnerability Databases Work Together→

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)

Posted on June 29, 2022 by Paul Ducklin

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft’s “Follina” saga. Continue reading Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)→

DogWalk zero-day Windows bug receives patch – but not from Microsoft

Posted on June 10, 2022 by Graham Cluley

A Windows zero-day vulnerability dubbed “DogWalk” has not received an official patch yet from Microsoft, but that hasn’t stopped others from offering free fixes to protect users.

Read more in my article on the Hot for Security blog. Continue reading DogWalk zero-day Windows bug receives patch – but not from Microsoft→

Firefox 101 is out, this time with no 0-day scares (but update anyway!)

Posted on June 1, 2022 by Paul Ducklin

After an intriguing month of Firefox releases, here’s one with a bit less drama, probably to the collective relief of Mozilla’s coders. Continue reading Firefox 101 is out, this time with no 0-day scares (but update anyway!)→

Apple patches zero-day kernel hole and much more – update now!

Posted on May 17, 2022 by Paul Ducklin

You’ll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions. Continue reading Apple patches zero-day kernel hole and much more – update now!→