Posts by Greg Wiseman

7 min Vulnerability Management

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family FamilyVulnerability CountWindows28ESU14Microsoft Office11Browser9Developer Tools 8Microsoft Dynamics2Exchange Server2Azure2System Center2Exploited and Publicly Disclosed Vulnerabilities One zero-day was announced: CVE-2021-1732 [https:

2 min Vulnerability Management

Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May] of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/] but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today. The bulk of this month's fixes, as well as most of the critical ones, are fo

5 min Vulnerability Management

How to Measurably Reduce False Positive Vulnerabilities by Up To 22%

Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.

3 min Vulnerability Management

Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour [https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601] is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) c

2 min Patch Tuesday

Patch Tuesday - October 2019

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573] is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe [https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's nothing to do: Microsoft still published 59 CVE

2 min Patch Tuesday

Patch Tuesday - September 2019

Today Microsoft released fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573] for 79 separate security flaws, affecting products across much of their portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1214] and CVE-2019-1215 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215] are both privilege

2 min Patch Tuesday

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d] : Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep [/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/] vulnerability (CVE-2019-0708 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708] ) that was patched last May. CVE-2019-11

2 min Patch Tuesday

Patch Tuesday - July 2019

Patch Tuesday for July 2019 is on the heavier side as far as they go, with Microsoft fixing 77 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573] in total. Microsoft also published an advisory [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190021] describing a cross-site scripting vulnerability in the on-premise edition of Outlook for web (previously known as Outlook Web App), but instead of

2 min Patch Tuesday

Patch Tuesday - June 2019

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573] , the highest count so far this year. Nothing this month seems "wormable" like the BlueKeep [https://www.rapid7.com/db/?q=CVE-2019-0708] vulnerability patched in May, and none of them have been seen exploited in the wild. However, four elevation of privilege vulnerabilities had been previo

3 min Patch Tuesday

Patch Tuesday - May 2019

Hot on the heels of several Apple security advisories [https://support.apple.com/en-us/HT201222] on Monday, May's Patch Tuesday sees Microsoft fix nearly 80 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d] across their product line, some of them very serious indeed, and Adobe address over 80 in Acrobat Reader [https://helpx.adobe.com/security/products/acrobat/apsb19-18.html] alone. A fix for a critical remote cod

2 min Patch Tuesday

Patch Tuesday - April 2019

Today's Microsoft updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d] resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0803] and CVE-2019-0859 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0

3 min Patch Tuesday

Patch Tuesday - March 2019

Today Microsoft released updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d] that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748] , a remote code execution (RCE) vulnerability in the Acces

2 min Patch Tuesday

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573] being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]), .NET Framework, SharePoint, Exchange, and another slew of JET Database Engi

2 min Patch Tuesday

Patch Tuesday - January 2019

Microsoft's first updates of the year [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573] address 49 separate vulnerabilities, which is on the low side relatively speaking. We're also getting rare respite from Flash vulnerabilities (although Adobe published [https://helpx.adobe.com/security/products/flash-player/apsb19-01.html] a "security bulletin" for Flash today, the new version does not actually contain any security fixes). It's

5 min Haxmas

HaXmas Review: 12 Patch Tuesdays a-Patching

Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.