7 min
Vulnerability Management
Patch Tuesday - October 2021
Today’s Patch Tuesday sees Microsoft issuing fixes
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct] for over 70 CVEs,
affecting the usual mix of their product lines. From Windows, Edge, and Office,
to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for
workstation and server administrators alike.
One vulnerability has already been seen exploited in the wild: CVE-2021-40449
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40449] is
an elev
Read Full Post
7 min
Vulnerability Management
Patch Tuesday - February 2021
The second Patch Tuesday of 2021 is relatively light on the vulnerability count,
with 64 CVEs being addressed across the majority of Microsoft’s product
families. Despite that, there’s still plenty to discuss this month.
Vulnerability Breakdown by Software Family
FamilyVulnerability CountWindows28ESU14Microsoft Office11Browser9Developer Tools
8Microsoft Dynamics2Exchange Server2Azure2System Center2Exploited and Publicly
Disclosed Vulnerabilities
One zero-day was announced: CVE-2021-1732
[https:
Read Full Post
2 min
Vulnerability Management
Patch Tuesday - May 2020
Microsoft's fifth Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May]
of the year brings us fixes for 111 different security issues, just a touch
under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/]
but still on the higher side of their typical volume. No 0-days to speak of, and
no vulnerabilities that had been publicly disclosed before today.
The bulk of this month's fixes, as well as most of the critical ones, are fo
Read Full Post
5 min
Vulnerability Management
How to Measurably Reduce False Positive Vulnerabilities by Up To 22%
Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.
Read Full Post
3 min
Vulnerability Management
Patch Tuesday - January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour
[https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would
be fixing a severe vulnerability in a fundamental cryptographic library. It
turns out that the issue in question is indeed serious, and was reported to
Microsoft by the NSA: CVE-2020-0601
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601]
is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC)
c
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - October 2019
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573]
is mainly notable in that there isn't a whole lot to note, which is a change of
pace. No 0-days, no vulnerabilities that had been publicly disclosed already,
and nothing that could allow worms to proliferate. And nothing from Adobe
[https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's
nothing to do: Microsoft still published 59 CVE
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - September 2019
Today Microsoft released fixes
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573]
for 79 separate security flaws, affecting products across much of their
portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1214]
and CVE-2019-1215
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215]
are both privilege
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - August 2019
First off, the big news for today's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d]
: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities,
reminiscent of the BlueKeep
[/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/]
vulnerability (CVE-2019-0708
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708]
) that was patched last May. CVE-2019-11
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - July 2019
Patch Tuesday for July 2019 is on the heavier side as far as they go, with
Microsoft fixing 77 vulnerabilities
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573]
in total. Microsoft also published an advisory
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190021]
describing a
cross-site scripting vulnerability in the on-premise edition of Outlook for web
(previously known as Outlook Web App), but instead of
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - June 2019
Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88
vulnerabilities
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573]
, the highest count so far this year. Nothing this month seems "wormable" like
the BlueKeep [https://www.rapid7.com/db/?q=CVE-2019-0708] vulnerability patched
in May, and none of them have been seen exploited in the wild. However, four
elevation of privilege vulnerabilities had been previo
Read Full Post
3 min
Patch Tuesday
Patch Tuesday - May 2019
Hot on the heels of several Apple security advisories
[https://support.apple.com/en-us/HT201222] on Monday, May's Patch Tuesday sees
Microsoft fix nearly 80 vulnerabilities
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d]
across their product line, some of them very serious indeed, and Adobe address
over 80 in Acrobat Reader
[https://helpx.adobe.com/security/products/acrobat/apsb19-18.html] alone. A fix
for a critical remote cod
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - April 2019
Today's Microsoft updates
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d]
resolve over 70 vulnerabilities, most of which affect the Windows operating
system itself. Two of the vulnerabilities are already being exploited in the
wild. Both CVE-2019-0803
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0803]
and CVE-2019-0859
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0
Read Full Post
3 min
Patch Tuesday
Patch Tuesday - March 2019
Today Microsoft released updates
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d]
that resolve over 60 different vulnerabilities. As usual, Windows, web browsers,
and SharePoint Server are all affected. Office gets off relatively lightly with
only a single vulnerability fixed (CVE-2019-0748
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748]
, a remote code execution (RCE) vulnerability in the Acces
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - February 2019
Microsoft got back in the swing of things today after a couple of relatively
light months, with over 70 separate CVEs
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573]
being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including
Adobe Flash
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]),
.NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
Read Full Post
2 min
Patch Tuesday
Patch Tuesday - January 2019
Microsoft's first updates of the year
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573]
address 49 separate vulnerabilities, which is on the low side relatively
speaking. We're also getting rare respite from Flash vulnerabilities (although
Adobe published
[https://helpx.adobe.com/security/products/flash-player/apsb19-01.html] a
"security bulletin" for Flash today, the new version does not actually contain
any security fixes). It's
Read Full Post