Posts tagged Patch Tuesday

9 min Vulnerability Management

Patch Tuesday - March 2021

Another Patch Tuesday (2021-Mar [https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar]) is upon us and with this month comes a whopping 122 CVEs. As usual, Windows tops the list of the most patched products. However, this month it’s browser vulnerabilities taking second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server vulnerabilities this month are not to be ignored as more than half of them have been seen exploited in the wild. Vulnerability Breakdown by S

7 min Vulnerability Management

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month.

Vulnerability Breakdown by Software Family

Family | Vulnerability Count
Windows | 28
ESU | 14
Microsoft Office | 11
Browser | 9
Developer Tools | 8
Microsoft Dynamics | 2
Exchange Server | 2
Azure | 2
System Center | 2

Exploited and Publicly Disclosed Vulnerabilities

One zero-day was announced: CVE-2021-1732 [https:

7 min Vulnerability Management

Patch Tuesday - January 2021

We arrive at the first Patch Tuesday of 2021 (2021-Jan [https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan]) with 83 vulnerabilities across our standard spread of products.  Windows Operating System vulnerabilities dominated this month's advisories, followed by Microsoft Office (which includes the SharePoint family of products), and lastly some from less frequent products such as Microsoft System Center and Microsoft SQL Server. Vulnerability Breakdown by Software Family FamilyVulnera

6 min Vulnerability Management

Patch Tuesday - December 2020

We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than our typical December months (high thirties), it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported vulnerabilities covered this month has been publicly exploited nor previously publicly disclosed and only 9 of the 58 vulnerabilities have been marked as Critical by Microsoft. In terms of actionables, stan

3 min Vulnerability Management

Patch Tuesday - November 2020

Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere.

Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087]

Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day

4 min Vulnerability Management

Patch Tuesday - October 2020

Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no Browser-based vulnerabilities to mention and the arrival of a new Adobe Flash vulnerability CVE-2020-9746 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200012]. Despite this month's lower numbers, there are some precautions we should all take to remediate our environments quickly and effectively.

3 min Vulnerability Management

Patch Tuesday - September 2020

129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday)

Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. While following standard procedures of scheduling the patching for Windows OSes up front immediately closes the door against 60%+ of the vulnerabilities being disclosed this

4 min Vulnerability Management

Patch Tuesday - August 2020

120 Vulnerabilities Patched in Microsoft's August 2020 Update Tuesday (2020-Aug Patch Tuesday)

August 2020 brings along patches for 120 vulnerabilities within the standard set of Microsoft products (Windows, Office, Browsers, and Developer Tools such as .NET Framework, ASP.NET, and Visual Studio). Among the crowd are two vulnerabilities: CVE-2020-1464 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464], and CVE-2020-1380 [https://portal.msrc.microsoft.com/en-US/s

3 min Vulnerability Management

Patch Tuesday - July 2020

100+ vulnerabilities patched during Patch Tuesdays the new norm

Another 123 CVEs are covered this month from Microsoft for the 2020-Jul Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul]. In addition to our usual suspects like Windows, Internet Explorer/Microsoft Edge, and Microsoft Office this Patch Tuesday addresses several developer-type tools such as .NET Framework, Visual Studio Code ESLint extension along with various Open Source Software

3 min Vulnerability Management

Patch Tuesday - June 2020

June 2020's Microsoft Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun] gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses CVE-2020-9633 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010] -- a high severity remote code execution vulnerability).  While the consistently high volume of vulnerabilities being addressed each month is alarming at times, there is a sense of peace in the steps Micros

2 min Vulnerability Management

Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May] of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/] but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today. The bulk of this month's fixes, as well as most of the critical ones, are fo

2 min Vulnerability Management

Patch Tuesday - April 2020

Global working-from-home routines haven't slowed down Microsoft and its ability to help close up vulnerabilities in their products. This April Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr] (WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's not the highest we've seen, but it is still an impressive spread of fixes coming in this month with a fair number resolving SharePoint and Office vulnerabilities along with the

2 min Vulnerability Management

Patch Tuesday - March 2020

Let's start off talking about CVE-2020-0688 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688] from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity [https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/] happening on unpatched Exchange

3 min Patch Tuesday

Patch Tuesday - February 2020

A relatively modest 99-vulnerability February Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb] has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674] (originally ADV200001 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001]) announced back on January 17.  Fortunately, that is the only vulnerability reported this month th

3 min Vulnerability Management

Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour [https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601] is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) c

2 min Patch Tuesday

Patch Tuesday - December 2019

Today we come to the end of 2019's monthly Microsoft Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec] (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a light month, there's still action to be taken. CVE-2019-1458 [https://portal.msrc.microsoft.com/en-US/security-guidance/advis

3 min Patch Tuesday

Patch Tuesday - November 2019

November's Patch Tuesday is upon us and, this month, Microsoft addressed 74 vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429] ) has been seen under active exploitation. By prioritizing the released Microsoft Windows and Internet Explorer patches, the door to 58 of the 74 vulnerabilities will be closed off. Also, for the second month in a row, this Patch Tuesday sees an absent security upd

2 min Patch Tuesday

Patch Tuesday - October 2019

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573] is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe [https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's nothing to do: Microsoft still published 59 CVE

2 min Patch Tuesday

Patch Tuesday - September 2019

Today Microsoft released fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573] for 79 separate security flaws, affecting products across much of their portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1214] and CVE-2019-1215 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215] are both privilege

2 min Patch Tuesday

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d] : Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep [/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/] vulnerability (CVE-2019-0708 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708] ) that was patched last May. CVE-2019-11

2 min Patch Tuesday

Patch Tuesday - July 2019

Patch Tuesday for July 2019 is on the heavier side as far as they go, with Microsoft fixing 77 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573] in total. Microsoft also published an advisory [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190021] describing a cross-site scripting vulnerability in the on-premise edition of Outlook for web (previously known as Outlook Web App), but instead of

2 min Patch Tuesday

Patch Tuesday - June 2019

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573] , the highest count so far this year. Nothing this month seems "wormable" like the BlueKeep [https://www.rapid7.com/db/?q=CVE-2019-0708] vulnerability patched in May, and none of them have been seen exploited in the wild. However, four elevation of privilege vulnerabilities had been previo

3 min Patch Tuesday

Patch Tuesday - May 2019

Hot on the heels of several Apple security advisories [https://support.apple.com/en-us/HT201222] on Monday, May's Patch Tuesday sees Microsoft fix nearly 80 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d] across their product line, some of them very serious indeed, and Adobe address over 80 in Acrobat Reader [https://helpx.adobe.com/security/products/acrobat/apsb19-18.html] alone. A fix for a critical remote cod

2 min Patch Tuesday

Patch Tuesday - April 2019

Today's Microsoft updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d] resolve over 70 vulnerabilities, most of which affect the Windows operating system itself. Two of the vulnerabilities are already being exploited in the wild. Both CVE-2019-0803 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0803] and CVE-2019-0859 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0

3 min Patch Tuesday

Patch Tuesday - March 2019

Today Microsoft released updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d] that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748] , a remote code execution (RCE) vulnerability in the Acces

2 min Patch Tuesday

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573] being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]), .NET Framework, SharePoint, Exchange, and another slew of JET Database Engi

2 min Patch Tuesday

Patch Tuesday - January 2019

Microsoft's first updates of the year [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573] address 49 separate vulnerabilities, which is on the low side relatively speaking. We're also getting rare respite from Flash vulnerabilities (although Adobe published [https://helpx.adobe.com/security/products/flash-player/apsb19-01.html] a "security bulletin" for Flash today, the new version does not actually contain any security fixes). It's

5 min Haxmas

HaXmas Review: 12 Patch Tuesdays a-Patching

Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.

2 min Patch Tuesday

Patch Tuesday - December 2018

It's the last Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c54acc6-2ed2-e811-a980-000d3a33a34d] of 2018! As is often the case in December, it's a relatively light one with "only" 38 CVEs. (Every other month in 2018 clocked in with at least 50 patched vulnerabilities.) This is in addition to the two Adobe Flash CVEs [http://helpx.adobe.com/security/products/flash-player/apsb18-42.html] that were patched out-of-band last week, due to a remote code ex

2 min Patch Tuesday

Patch Tuesday - November 2018

Microsoft's patches this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ff746aa5-06a0-e811-a978-000d3a33c573] address over 60 vulnerabilities. Just like last month [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8453] , another zero-day privilege escalation vulnerability in Win32k has been patched. CVE-2018-8589 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8589] has been seen exploited in the wild,

3 min Penetration Testing

7 Funny and Punny Halloween Costume Ideas for Tech and Cybersecurity Pros

Stuck on what to be this year? Here are some of our favorite Halloween costume ideas for tech and cybersecurity professionals.

2 min Patch Tuesday

Patch Tuesday - October 2018

This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.

3 min Patch Tuesday

Patch Tuesday - September 2018

More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).

2 min Patch Tuesday

Patch Tuesday - August 2018

Microsoft's updates this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573] address over 60 vulnerabilities, 20 of which are classified as Critical. As usual, most of this month's fixes are browser-related, and nearly half of the flaws could lead to remote code execution (RCE). Patches for Exchange, SQL Server, and Microsoft Office were also released. Two of this month's vulnerabilities have already been seen exploited in th

2 min Patch Tuesday

Patch Tuesday - July 2018

This month's security updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573] from Microsoft address 50 separate vulnerabilities, including two fixes [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017] for Adobe Flash Player (APSB18-24 [https://helpx.adobe.com/security/products/flash-player/apsb18-24.html]). There are no 0-days this month, although three vulnerabilities had been publicly disclosed pri

2 min Patch Tuesday

Patch Tuesday - June 2018

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573] is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by Microsoft. However, a bit of excitement came earlier this month, with an out-of-band patch for Adobe Flash Player released last Thursday [https://helpx.adobe.com/security/products/flash-player/apsb18-19.html] to fix four security issues. Two of these were flaws that can lead

2 min Patch Tuesday

Patch Tuesday - May 2018

Microsoft has released patches [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/a82328f9-1f26-e811-a968-000d3a33a34d] that resolve over 60 separate vulnerabilities including an update [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180008] for Flash Player that addresses a critical Remote Code Execution (RCE) vulnerability (CVE-2018-4944 [https://helpx.adobe.com/security/products/flash-player/apsb18-16.html]). As usual, the majority of fixes a

3 min Patch Tuesday

Patch Tuesday - April 2018

Over 70 vulnerabilities have been fixed this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d] , including 6 in Adobe Flash [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007] ( APSB18-08 [https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once ag

2 min Patch Tuesday

Patch Tuesday - March 2018

There are a lot of fixes this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d] : Microsoft's updates include patches for 76 separate vulnerabilities, including two critical Adobe Flash Player remote code execution (RCE) vulnerabilities [https://helpx.adobe.com/security/products/flash-player/apsb18-05.html]. In fact all of this month's critical vulnerabilities are browser-related. This is not surprising considering web brows

2 min Patch Tuesday

Patch Tuesday - February 2018

It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual CVEs have been fixed [https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft, most of which (34) are rated "Important". As usual, most of the 14 considered "Critical" are web browser vulnerabilities that could lead to remote code execution (RCE). The most concerning non-browser issue is CVE-2018-0825 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825] , an RCE i

3 min Patch Tuesday

Patch Tuesday - January 2018

The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat [https://www.freebsd.org/news/newsflash.html#event20180104:01]) coordinated disclosure of the Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft releases their OS updates as monolithi

6 min Haxmas

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12 months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only eleven months this year, thanks to Microsoft canceling [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] most of February’s planned fixes. This coincided with when they’d planned to [https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/] roll out their

2 min Patch Tuesday

Patch Tuesday - December 2017

No big surprises from Microsoft this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6] , with 70% of the 34 vulnerabilities addressed being web browser defects. Most of these are Critical Remote Code Execution (RCE) vulnerabilities, so administrators should prioritize patching client workstations. It doesn't take sophisticated social engineering tactics to convince most users to visit a malicious web page, or a legitimate but

1 min Patch Tuesday

Patch Tuesday - November 2017

Web browser issues account for two thirds of this month's patched vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99] , with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these are classified as Critical (allowing code execution without user interaction). This is no surprise, as browser bugs are typically well represented on Patch Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie

2 min Patch Tuesday

Patch Tuesday - October 2017

Patch Tuesday round-up for October 2017

1 min Patch Tuesday

Patch Tuesday - September 2017

It's a big month, with Microsoft patching [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99] 85 separate vulnerabilities including the two Adobe Flash Player Remote Code Execution [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013] (RCE) fixes bundled with the Edge and Internet Explorer 11 updates. Continuing recent trends, the bulk of Critical RCE vulnerabilities are client-side, primarily in Edge, IE,

1 min Patch Tuesday

Patch Tuesday - August 2017

It was a busy month this month with a total of 48 security issues fixed. All of these have a severity of Critical or Important with Remote Code Execution vulnerabilities again figuring highly, particularly for Microsoft Edge. There were also a few publicly disclosed vulnerabilities that were fixed, including CVE-2017-8633 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633] (Privilege Escalation with Windows Error Reporting). None of the disclosed vulnerabilities

2 min Microsoft

Patch Tuesday - June 2017

This month sees another spate of critical fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99] from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these are already known to be exploited in the wild ( CVE-2017-8543 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543] and CVE-2017-8464 [https://portal.msrc.microsoft.com/en-US/security-guidance/advis

2 min Microsoft

Patch Tuesday - May 2017

It's a relatively light month as far as Patch Tuesdays go, with Microsoft issuing fixes for a total of seven vulnerabilities as part of their standard update program. However, an eighth, highly critical vulnerability (CVE-2017-0290 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290] ) that had some of the security community buzzing over the weekend was also addressed [https://technet.microsoft.com/en-us/library/security/4022344] late Monday evening. A flaw in the

4 min Microsoft

Simple Vulnerability Remediation Collaboration with InsightVM

Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management [https://rapid7.com/solutions/vulnerability-management/] needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security teams build a self-service workflow for their remediators and run into lack of user adoption – remediators just are not logging in to the security con

5 min Microsoft

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM [https://rapid7.com/products/insightvm/] was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed for

1 min Microsoft

Patch Tuesday - April 2017

This month's updates deliver vital client-side fixes, resolving publicly disclosed remote code execution (RCE) vulnerabilities for Internet Explorer and Microsoft Office that attackers are already exploiting in the wild. In particular, they've patched the CVE-2017-0199 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199] zero-day flaw in Office and WordPad, which could allow an attacker to run arbitrary code on a victim's system if they are able to successfully soc

2 min Microsoft

Patch Tuesday - March 2017

Due in part to the delay [/2017/02/14/february-2017-patch-tuesday-delayed] of February's fixes, today's Patch Tuesday is a big one, comprising 18 bulletins [https://technet.microsoft.com/en-us/library/security/ms17-mar.aspx] split evenly between "Critical" and "Important" ratings. It's also significant as three of the bulletins (MS17-006 [https://technet.microsoft.com/library/security/MS17-006], MS17-012 [https://technet.microsoft.com/library/security/MS17-012], and MS17-013 [https://technet.mic

0 min Microsoft

February 2017 Patch Tuesday: Delayed

Earlier today Microsoft announced [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] that they will be delaying this month's security updates due to finding a last-minute issue that could "impact some customers." This may be due to a glitch in their new process [/2017/02/06/a-reminder-about-upcoming-microsoft-vulnerability-content-changes] that they were not able to iron out in time for today's planned release. We will be keeping an eye out for any up

2 min Microsoft

A Reminder About Upcoming Microsoft Vulnerability Content Changes

Update (February 14th): Microsoft has delayed [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] the release of their February 2017 security updates due to a last-minute issue. As always, we will provide timely coverage for the vulnerabilities once Microsoft has published the updates.

Next Tuesday (February 14th) will mark a major change in how Microsoft issues their security updates. Since October 2003, on the second Tuesday of each month (plus occasi

2 min Nexpose

Patch Tuesday, January 2017

Update: See below for an update for the upcoming February Patch Tuesday.

Microsoft starts off the year with 4 bulletins [https://technet.microsoft.com/library/security/ms17-jan] and continues a long running trend with their products where the majority of bulletins (2) are remote code execution (RCE) followed by an even distribution of elevation of privilege and denial of service. Missing from this month's list of affected products is Internet Explorer, which typically complements the Edge bull

2 min Nexpose

Patch Tuesday, December 2016

December [https://technet.microsoft.com/en-us/library/security/ms16-dec.aspx] continues a long running trend with Microsoft's products where the majority of bulletins (6) are dominated by remote code execution (RCE) followed by an even distribution of elevation of privilege (3) and information disclosure (3). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Offic

3 min Nexpose

Patch Tuesday, November 2016

November [https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx] continues a long running trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE), closely followed by elevation of privilege (6) and security feature bypass (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and

2 min Nexpose

Patch Tuesday, October 2016

October [https://technet.microsoft.com/library/security/ms16-oct] continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as

3 min Nexpose

Patch Tuesday, September 2016

September [https://technet.microsoft.com/en-us/library/security/ms16-sep.aspx] continues a long running trend with Microsoft's products where the majority of bulletins (10) address remote code execution (RCE) followed by elevation of privilege (2) and information disclosure (2). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps

2 min Nexpose

Patch Tuesday, August 2016

August continues [https://technet.microsoft.com/en-us/library/security/ms16-aug.aspx] an on-going trend with Microsoft's products, where the majority of bulletins (5) address remote code execution (RCE) followed by elevation of privilege (2), security feature bypass (1) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services and We

2 min Nexpose

Patch Tuesday, July 2016

July [https://technet.microsoft.com/en-us/library/security/ms16-jul.aspx] continues an on-going trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by information disclosure (2), security feature bypass (2) and elevation of privilege (1). All of this month's 'critical' bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services

2 min Nexpose

Update Tuesday, June 2016

June continues an on-going trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE) with elevation of privilege as a close second (6); the remaining three address information disclosure (2) and denial of service. All critical bulletins are remote code execution vulnerabilities affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services and Web Apps as well as Windows (client and server). However, this mon

2 min Nexpose

Patch Tuesday, May 2016

May continues a long-running trend with Microsoft where the majority of bulletins (10) address remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (2), information disclosure (2) and security feature bypass. All critical bulletins are remote code execution issues affecting a variety of products and platforms including Adobe Flash Player, Edge, Internet Explorer, .NET Framework, Office, Office Services and Web Apps and Windows (client and server). Looking b

2 min Nexpose

Update Tuesday, April 2016

April continues a long-running trend with Microsoft where the majority of bulletins (9) address remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (2), security feature bypass and denial of service (DOS). All critical bulletins are remote code execution issues affecting a variety of products and platforms including Adobe Flash Player, Edge, Internet Explorer, .NET Framework, Office, Office Services and Web Apps, Skype for Business, Lync and Windows (client

2 min Microsoft

On Badlock for Samba (CVE-2016-2118) and Windows (CVE-2016-0128)

Today is Badlock Day. You may recall that the folks over at badlock.org [http://badlock.org/] stated about 20 days ago that April 12 would see patches for "Badlock," a serious vulnerability in the SMB/CIFS protocol that affects both Microsoft Windows and any server running Samba, an open source workalike for SMB/CIFS services. We talked about it back in our Getting Ahead of Badlock [/2016/03/30/getting-ahead-of-badlock] post, and hopefully, IT administrators have taken advantage of the pre-releas

2 min Nexpose

Update Tuesday, March 2016

March continues this quarter's trend with the majority of bulletins (8) addressing remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (4) and security feature bypass. All of the critical bulletins are remote code execution issues affecting a variety of products and platforms including Edge, Internet Explorer, Office, Office for Mac, Office Web Apps, SharePoint and releases of Microsoft Windows (Client and Server). This month Microsoft resolves 39 vulnerab

1 min Nexpose

Update Tuesday, February 2016

February continues this quarter's trend with the majority of bulletins (7) addressing remote code execution (RCE) vulnerabilities; the remaining 6 evenly address denial of service (DOS) and elevation of privilege. All of the critical bulletins (MS16-009, MS16-011, MS16-012, MS16-013, MS16-015, MS16-022) are remote code execution issues affecting a variety of products and platforms including Edge, Internet Explorer, Office, Office for Mac, Office Web Apps, SharePoint and releases of Microsoft Windo

1 min Nexpose

Update Tuesday, January 2016

The year's first release contains 9 bulletins, 7 remote code execution (RCE), an elevation of privilege and spoofing vulnerability. The critical bulletins (MS15-001, MS15-002, MS15-003, MS15-004, MS15-005, MS15-006) are comprised of remote code execution vulnerabilities affecting a variety of products and platforms including Edge, Internet Explorer (7 and onwards), Excel Viewer, Office, SharePoint Server, Silverlight, Word Viewer, VBScripting engine and all supported releases of Microsoft Window

2 min Nexpose

Update Tuesday, December 2015

December continues this quarter's trend, with 10 bulletins addressing remote code execution (RCE) vulnerabilities, while the remaining two address elevation of privilege. The vulnerabilities affect Internet Explorer (7 and onwards), Edge, Office, Silverlight, VBScript scripting engine and Windows (Vista and onwards). It is advisable for users and administrators to patch the affected platforms. Microsoft released 12 security bulletins this month, two thirds of them rated as critical, resolving a tot

2 min Nexpose

Update Tuesday, November 2015

November sees a mix of remote code execution and elevation of privilege vulnerabilities enabling an attacker to gain the same rights as the user when the victim opens specially crafted content, such as a webpage, journal file or document containing embedded fonts. These vulnerabilities affect Internet Explorer (7 and onwards), Edge, and Windows (Vista and onwards).  It is advisable for users and administrators to patch the affected platforms. Microsoft includes 12 security bulletins, a third of

1 min Microsoft

Update Tuesday, October 2015

This month is dominated by remote code execution vulnerabilities enabling information disclosure if a user opens/visits specifically crafted content. The vulnerabilities affect Internet Explorer, Edge, Windows Shell and Microsoft Office. It is advisable for users and administrators to patch the affected platforms. Microsoft includes 6 security bulletins, half of which are rated critical, resolving a total of 19 vulnerabilities. All of the critical bulletins (MS15-106 [https://technet.microsoft.

3 min Microsoft

Update Tuesday, August 2015

This month's update includes 14 Microsoft security bulletins (52 CVEs), with three being rated as critical. One of these vulnerabilities has already affected MS Office (MS15-081) and has been detected as being exploited in the wild. As per the norm, Adobe has also released a high priority Air\Flash security patch (APSB15-19) to address 34 CVEs on multiple affected platforms (IE, Edge, Windows, Macintosh, Android and iOS). Microsoft seems to have implemented a new strategy for Windows 10, as the

2 min Patch Tuesday

R7-2015-09: Oracle Java JRE AES Intrinsics Remote Denial of Service (CVE-2015-2659)

Java 8 server versions prior to u46 are susceptible to a remote unauthenticated denial of service (hard crash) when used with AES intrinsics (AES-NI) CPU extensions on supported processors. AES intrinsics are enabled by default on the Oracle JVM if the JVM detects that processor capability, which is common for modern processors manufactured after 2010. For more on AES-NI, see the Wikipedia article [http://en.wikipedia.org/wiki/AES_instruction_set]. This issue was tracked in the OpenJDK pu

1 min Patch Tuesday

Patch Tuesday, May 2015

This month Microsoft has released 13 security bulletins, once again this affects all supported platforms and includes remote code execution and elevation of privilege vulnerabilities. To accompany these patch updates, Adobe has released new versions of Reader, Acrobat and Flash Player resulting in vulnerability fixes for 52 CVEs (most of which are rated as critical). Of the 13 Microsoft bulletins, 3 are rated as critical and require user interaction for exploitability, this is typical of attacks

2 min Patch Tuesday

Patch Tuesday, April 2015

Administrators and security teams are in for a busy couple days tackling 11 Microsoft security bulletins, 3 Adobe updates and Oracle updates for 43 of their product suites (including Java, Databases and Solaris). Of the 11 Microsoft bulletins, 4 are rated as 'Critical' and affect virtually all supported desktop/server platforms and all supported installations of MS Office (including Office for Mac 2011). These 11 bulletins address 26 CVEs, with the exploitation of CVE-2015-1641 being detected i

2 min Microsoft

A Closer Look at February 2015's Patch Tuesday

This month's Patch Tuesday covers nine security bulletins from Microsoft, including what seems like a not-very-unusual mix of remote code execution (RCE) vulnerabilities and security feature bypasses. However, two of these bulletins – MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] – require a closer look, both because of the severity of the vulnerabilities that they address and the changes Mi

2 min Patch Tuesday

Patch Tuesday, February 2015

For the second straight month Microsoft is holding fast to their blockade of information.  Customers with “Premier” support are getting a very sparse advance notification 24 hours before the advisories drop, and “myBulletins” continues to be useless because it is not updated until well after the patch Tuesday release.  Microsoft called this an evolution, and I can certainly see why – they are applying a squeeze to security teams that will eliminate the weak members of the herd. This month we ar

2 min Microsoft

Patch Tuesday, January 2015 - Dawn of a new era

Microsoft's January 2015 patch Tuesday marks the start of a new era.  It seems that Microsoft's trend towards openness in security has reversed and the company that was formerly doing so much right, is taking a less open stance with patch information.  It is extremely hard to see how this benefits anyone, other than, maybe who is responsible for support revenue targets for Microsoft. What this means is that the world at large is getting their first look at understandable information about this

2 min Microsoft

Patch Tuesday - December 2014

December's advanced Patch Tuesday brings us seven advisories, three of which are listed as Critical.  Depending on how you want to count it, we see a total of 24 or 25 CVEs because one of the Internet Explorer CVEs in MS14-080 overlaps with the VBScript CVE in MS14-084. Of the critical issues, MS14-080 has the broadest scope, with 14 CVEs, none of which are publicly disclosed or known to be under active exploit.  The shared CVE with MS14-084 presents a patching and detection challenge becaus

1 min Patch Tuesday

Patch Tuesday, November 2014

Patch Tuesday came in hot this month with 15 advisories, of which 4 are listed as critical.  Hate to point it out, but this was originally advertised as 16 with 5 critical, but the patch for MS14-068 apparently isn't ready for prime time yet.  Hopefully the decision to hold it back was based on both the testing and an assessment of risk. The top patching priority is definitely going to be MS14-064, which is under active exploitation in the wild and may be related, at least superficially, to las

2 min Patch Tuesday

SChannel and MS14-066, another Red Alert?

This has been a busy Patch Tuesday for Microsoft. Of the fourteen bulletins, four of which were deemed critical, MS14-066 [https://technet.microsoft.com/library/security/ms14-066] has been getting significant attention. This vulnerability, CVE-2014-6321 [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321], affects Windows Secure Channel (SChannel) [http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx] and was discovered privately by Microsoft through an in

2 min Microsoft

October Patch Tuesday + Sandworm

Microsoft is back in fine form this month with eight upcoming advisories affecting Internet Explorer, the entire Microsoft range of supported operating systems, plus Office, Sharepoint Server and a very specific add on module to their development tools called “ASP .NET MVC”.  Originally nine advisories were listed in the advance notice, but one of the vulnerabilities affecting Office and the Japanese language IME was dropped for reasons unknown (the dropped advisory was bulletin #4 in the advanc

2 min Microsoft

Patch Tuesday - September 2014

It's a light round of Microsoft patching this month.  Only four advisories, of which only one is critical.  The sole critical issue this month is the expected Internet Explorer roll up affecting all supported (and likely some unsupported) versions.  This IE roll up addresses 36 privately disclosed Remote Code Execution issues and 1 publicly disclosed Information Disclosure issue which is under limited attack in the wild. This will be the top patching priority for this month. Of the three no

1 min Microsoft

August Patch Tuesday

Microsoft clearly wants everyone to shake off the dog days of summer and pay attention to patching.  This month's advance notice contains nine advisories spanning a range of MSFT products.  We have the ubiquitous Internet Explorer all supported versions patch (MS14-051), with the same likely caveat that this would apply to Windows XP too, if Microsoft still supported it.  This patch addresses the sole vulnerability to be actively exploited in the wild in this month's crop of issues, CVE-201

2 min Microsoft

Patch Tuesday, June 2014

Patch Tuesday, June 2014 delivers seven advisories, of them, two critical, five important – one of which is the seldom seen “tampering” type. The remarkable item in this month's advisories is MS14-035, the Internet Explorer patch affecting all supported versions.  That in itself is not unique, we see one of these almost every month, but this time the patch addresses 59 CVEs, that is 59 distinct vulnerabilities in one patch! Microsoft asserts that while two of the vulnerabilities (CVE-2014-1770

3 min Microsoft

Patch Tuesday, May 2014 - Lots going on

There is a lot going on in the updates from Microsoft this month, including some very interesting and long time coming changes. Also, it's the highest volume of advisories so far this year, with eight dropping on us, two of which are labelled as critical. How to describe the patching priority is going to be very subjective.  Microsoft has identified three of these advisories: MS14-024, MS14-025, & MS14-029, the IE patch as priority 1 patching concerns. Interestingly MS14-029 which is the update

3 min Microsoft

It's the end of XP as we know it, April Patch Tuesday 2014, and, oh yeah... heartbleed.

So this is it, the last hurrah for the once beloved XP, the last kick at the can for patching up the old boat.  Sure, by today's standards it's a leaky, indefensible, liability, but… hey, do you even remember Windows 98?  Or (*gasp*) ME?  At least we can all finally put IE 6 to rest, once and for all, the final excuse for corporate life-support has been pulled… except for legacy apps built so poorly that they depend on IE 6 and are “too costly” to replace. As everyone should know by now, ther

1 min Microsoft

Patch Tuesday - March 2014

Microsoft's March Patch Tuesday again came in on the lighter side of some months.  This continues the 2014 trend of smaller Patch Tuesdays.  We only see 2 issues that are critical/remote code execution, one of which is the usual IE (MS14-012), the other is an issue in the DirectShow libraries (MS14-013) which affects most versions of Windows from XP up to 8.1/2012r2.  These two are where we should focus our patching efforts. Of the 18 CVEs addressed in MS14-012, one is known to be in limit

3 min Microsoft

Patch Tuesday - February 2014, also, say "buh-bye" to MD5

This was a fairly novel Patch Tuesday (calling it interesting might be too strong a word for Patch Tuesday, unless you work in vulnerability management and geek out on these things - in which case, I thought it was interesting). At first take, it looked like Microsoft would continue the 2014 trend of keeping patch Tuesday relatively light.  There were only 5 advisories this month, two critical, three important.  Emphasis is on the past tense. Monday morning, Microsoft updated the advance no

2 min Microsoft

December 2013 Patch Tuesday

One more go around the block for 2013 and like the last, late tropical storm of the season, Microsoft is taking one last swipe at security and IT teams alike. This Patch Tuesday features a solid 11 advisories affecting 6 different product types.  All supported versions of Windows, Office, Sharepoint, Exchange, Lync and a mixed bag of developer tools are affected.  5 of the advisories are rated critical, including one affecting Exchange and one affecting Sharepoint and Lync, not to mention th

2 min Microsoft

Patch Tuesday October 2013

It's been an interesting month for the Microsoft Security watchers of the world. If your job depends on securing systems running Windows, you should be eagerly awaiting the patch for the Internet Explorer (IE) 0-day (CVE-2013-3893: SetMouseCapture Use-After-Free) vulnerability in today's Patch Tuesday (MS13-080). Exploitation of this vulnerability was detected first in targeted, regionally restricted exploitation, and then later in broader use once the exploit code spread to various public sites

3 min Microsoft

Patch Tuesday, Sept 2013

September's Patch Tuesday is live! The 14 bulletins predicted were cut to 13, with the .NET patch landing on the cutting room floor. A patch getting pulled after the advance notice is up usually indicates that late testing revealed an undesired interaction with another product or component. Of the 13 bulletins remaining they are split 7/6 between the MS Office family and Windows OS patches, if we are counting the Internet Explorer patch as part of the OS patching, anti-trust lawsuits notwiths

2 min Microsoft

August Patch Tuesday

Oh noes! Fire! Look out! Run in circles, scream and shout! There's a remotely exploitable, publicly disclosed, critical remote code execution vulnerability in Microsoft Exchange (MS13-061)! Prepare for the end of teh interwebs. But wait, is it really remotely exploitable? Well, not in the sense that user interaction is not required, it's a parser issue that is only triggered by a user opening a malicious message in Outlook Web Access (OWA). Okay, but it's still publicly disclosed right? I mean

2 min Microsoft

Patch Tuesday - July Edition!

This month's patch Tuesday is the polar opposite of last month's ho-hum, here-we-go-again-with-the-patches exercise. There are 7 advisories and 6 of those are critical issues allowing remote code execution. Basically everything in the core Microsoft world is affected by one or more of these, every supported OS, every version of MS Office, Lync, Silverlight, Visual Studio and .NET.  It's going to be a busy time for security teams everywhere. For the first time ever Microsoft is addressing a singl

2 min Microsoft

Patch Tuesday - April 2013 Edition!

The April 2013 MS Tuesday advisories are out and they forecast an interesting patching session for Microsoft administrators.  There are 9 advisories, for 14 CVEs, affecting 16 distinct platforms in 5 categories of Microsoft products, including the not-often-seen patching of “Microsoft Office Web Apps” and “Microsoft Security Software”. Once again there is an IE patch (MS13-028) which is rated critical, but this one differs from last month's incarnation by applying to all supported versions

2 min Microsoft

January is not over yet

Seems like a lot of activity already this year in the security world by way of high profile, already being exploited vulnerabilities.   First the Adobe Flash and Acrobat/Reader fixes [/2013/01/08/adobe-joins-the-january-patching-fun], then the Ruby on Rails exploit [/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156] and now Oracle turning around a fast fix and Microsoft delivering an out-of-band patch for Internet Explorer. Oracle has moved quickly to release a fix for the vuln

1 min Patch Tuesday

Adobe joins the January patching fun!

Adobe has released two advisories today (APSB13-01 [http://www.adobe.com/support/security/advisories/apsa13-01.html] & APSB13-02 [http://www.adobe.com/support/security/bulletins/apsb13-02.html]) for Flash and Acrobat/Reader and updated their recent advisory [http://www.adobe.com/support/security/advisories/apsa13-01.html] for ColdFusion. The Flash patch applies to all versions including Windows, Linux, Mac, Android, embedded in Chrome & IE 10, and AIR.  This is a serious bug, since Adobe is adm

2 min Microsoft

Microsoft Patch Tuesday, January 8, 2013

The first Microsoft security bulletin of 2013 [http://technet.microsoft.com/en-us/security/bulletin/ms13-jan] includes 7 advisories (MS13-001 – MS13-007), two of which are rated “critical” due to the potential for remote execution. MS13-001 [http://technet.microsoft.com/en-us/security/bulletin/ms13-001] affects the spooler service Windows 7 & 2008, this issue is not as severe as initially feared. It is an interesting defect in that an attacker could queue malicious print job headers to exploit

1 min Microsoft

Microsoft Security Bulletin Summary for August 2012

Microsoft's Patch Tuesday Security Bulletin Summary for August 2012 contains nine bulletins and addresses 28  vulnerabilities. MS12-052 is a critical patch for four vulnerabilities in Internet Explorer 6, 7, and 8. This bulletin is a continuation in Microsoft's monthly Internet Explorer patch cadence. This should be number one on organizations' and consumers' “must patch” list. MS12-053, labeled as critical, patches yet another Remote Desktop Protocol (RDP) vulnerability, though Microsoft st

2 min Microsoft

Microsoft Security Bulletin Summary for July 2012

The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important. All of the critical bulletins address vulnerabilities where a victim could be exploited if they visit malicious web pages. All three of the critical bulletins should serve as a warning that organizations will continue to face client-side browser related attacks. MS12-043 addresses a vulnerability that is curre

2 min Microsoft

Microsoft Security Bulletin Summary for June 2012

The Microsoft Security Bulletin Summary for June 2012 contains 7 bulletins addressing 28 security bugs.  Three of the bulletins are rated “critical” and the rest “important”. MS12-036 is a critical bulletin that addresses vulnerabilities allowing an attacker remote code execution related to the Windows Remote Desktop Protocol (RDP). This relates to MS12-020, which had organizations on high alert in March after Microsoft issued warnings that the vulnerability could be weaponized to result in wid

2 min Microsoft

Microsoft Security Bulletin Summary for April 2012

Microsoft Security Bulletin Summary for April 2012 contains six bulletins, four of which are rated “critical”.  All of the critical bulletins would result in remote code execution. One of the important bulletins – MS12-028 – could also be looked on as critical because it's easy to exploit and results in remote code execution. MS12-023 is a cumulative security update for Internet Explorer that patches six vulnerabilities. This should be the top priority for organizations as users could be compro

3 min Release Notes

SOC Monkey - Week in Review - 4.6.2012

Welcome back to my weekly wrap up of trending stories displayed on my SOC Monkey App, which as I've mentioned, is free in the Apple App Store. Go! Download! This week, one of the top stories was the Flashback Trojan and the unpatched Java Vulnerability in Mac OS X. The top tweet comes to us from Ars Technica: Flashback trojan reportedly controls half a million Macs and counting [http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting.ars]

1 min Nexpose

How to Check for Remote Desktop Protocol (RDP) Services

There are many organizations concerned with the critical Microsoft Security Bulletin MS12-020 [http://technet.microsoft.com/en-us/security/bulletin/ms12-020] Remote Desktop Protocol (RDP) vulnerability. Here is a quick way to check if you have Remote Desktop Protocol running on your system or network. I used NMAP [http://nmap.org/] to check my home network. In the highlighted text below you can see that NMAP can check for the RDP service running. If you can't patch, this is important because at

2 min Patch Tuesday

Microsoft Security Bulletin Summary for March 2012

The Microsoft Security Bulletin Summary for March 2012 covers one critical, four important bulletins, and one moderate for a total of six bulletins. MS12-020 is labeled as critical and affects all Windows XP Service Pack 3, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 that are running remote desktop protocol (RDP). RDP is used for remote management by many organizations, and this will remind people of the pcAnywhere vulnerabilities in the press

2 min Patch Tuesday

Microsoft Security Bulletin Summary for February 2012

In the Microsoft Security Bulletin Summary for February 2012, Microsoft released nine bulletins to address 20 vulnerabilities. Instead of love on Valentine's day, organizations may have fear pumping through their hearts when you couple the recent news of several high profile breaches with Patch Tuesday. There are four bulletins rated “critical” and they will likely affect all organizations. The critical bulletins are MS12-008, MS12-010, MS12-013, and MS12-016 which are all related to browsers a

2 min Microsoft

Microsoft Security Bulletin for January 2012

Only one of the bulletins is rated “Critical”: MS12-004, which is a vulnerability relating to Windows Media Player.  Exploiting this vulnerability would allow remote code execution and this should be of top concern for both companies and private users. This vulnerability can be exploited by embedded malicious Windows Media Players in web pages. This should serve as a reminder that we should expect researchers and attackers to continue to exploit client applications such as media players and brow

2 min Microsoft

Microsoft Security Bulletin for December 2011

Microsoft's Security Bulletin for December 2011 includes 13 bulletins addressing 17 vulnerabilities. Three of the bulletins are rated "critical": MS11-087, MS11-090, and MS11-092 and the rest are "important". This month many of the patches relate to vulnerabilities with known exploits likely available in the wild, so it is essential that organizations prioritize patching as soon as possible. Microsoft reports that the exploit code for the “critical” MS11-087 and MS11-092 is likely to be in the

2 min Microsoft

Microsoft Patch Tuesday - November 2011

November's Microsoft Patch Tuesday contains four bulletins: one “critical”, two “importants”, and one “moderate”. The majority of these bulletins relate to Microsoft's later versions of the OS, implying that the flaws they address were possibly introduced with Windows Vista. Generally more vulnerabilities are found in earlier versions of the OS, so this month is unusual. The critical bulletin – MS11-083 – is a TCP/IP based, specifically UDP, vulnerability which affects Vista, Windows 7, Server

2 min Microsoft

Zero-Day Attacks: Don't Believe the Hype

Microsoft Security Intelligence Report Volume 11 [http://www.microsoft.com/security/sir/default.aspx] for the first half of 2011 offers solid evidence to support what security researchers have been shouting feverishly for the last year. This is just more data to confirm that zero-day attacks – while they can certainly cause damage – aren't needed for over 99% of actual attacks. The numbers also show that the top two attacks are user related. The top attack vector was attacks requiring user in

2 min Patch Tuesday

October 2011 Patch Tuesday

This month, Microsoft issued eight bulletins, addressing 23 vulnerabilities across Microsoft Windows, Silverlight, .NET and Forefront product lines. Only two bulletins were rated 'critical', and the rest were rated 'important'. In terms of prioritizing patching, when I look at security vulnerabilities, first I want to understand which ones can have the most widespread impact. MS11-081 is a cumulative update which affects Internet Explorer, so it relates to both corporate and home users. These v

2 min Microsoft

Microsoft September 2011 Patch Tuesday

This month, Microsoft issued five bulletins to address 15 vulnerabilities.  All of these bulletins are rated “important”; however, while there are no “critical” bulletins this month, organizations should not downplay the vulnerabilities being addressed. It's easy for organizations to gain a false sense of security during a light patch month and sometimes an attitude of complacency towards non-critical vulnerabilities is evident. “Important” vulnerabilities may not give attackers the full roo

1 min Microsoft

August Patch Tuesday

Yesterday was Microsoft Patch Tuesday, with 13 bulletins issued to address 22 vulnerabilities. Of these, only two are rated “critical”; the first of which – MS11-057 – is the latest Internet Explorer cumulative patch. Until this one is patched, we'd recommend limiting your use of Internet Explorer to only visiting trusted sites and remember that it's never a good idea to click on suspect or unknown links. If users are still concerned, they may want to consider using one of the alternate browser

2 min Patch Tuesday

July Patch Tuesday

Only four bulletins in July's Patch Tuesday, but patching a not insignificant 22 vulnerabilities. Only one of the bulletins is classified “critical”: MS11-053. This should be taken seriously as it can allow remote command execution to clients on Windows 7 and Windows Vista. This could affect both consumer and corporate users. In addition, wireless vulnerabilities like this one (MS11-053) are always considered quite sexy because if successfully exploited they allow attackers to do anything the

1 min Patch Tuesday

June Patch Tuesday

This month's Patch Tuesday was another biggie: 16 bulletins addressing 34 vulnerabilities across IE, Office and Windows... Top of the list of things to watch out for are two “critical” bulletins: MS11-050 and MS11-52. These are effectively an attacker's delight since they are browser based, which are the most coveted exploits. They affect Internet Explorer 6, 7, and 8, and once these vulnerabilities are weaponized they will be a significant problem as many organizations give their users admi

1 min Patch Tuesday

May Patch Tuesday

So yesterday was Patch Tuesday, and following a mammoth April [https://community.rapid7.com/blogs/rapid7/2011/04/15/april-patch-tuesday-round-up], it was a pretty quiet one, with only 2 vulnerabilities reported [http://www.microsoft.com/technet/security/Bulletin/MS11-may.mspx], and only one of those given the most severe rating of “critical”.  That said, of course any vulnerability reported should be investigated and understood, and particularly those rated critical. This month the critical

2 min Microsoft

April Patch Tuesday Round-Up

LOTS of patches from Microsoft this week... This week's Patch Tuesday was pretty significant, with a record-tying 17 bulletins that patch a record 64 vulnerabilities, 15 more than the previous largest-ever set in October 2010.  As usual, the Rapid7 team was all over it, monitoring the threat and trying to help out where possible. This month's bulletin addresses vulnerabilities across Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and GDI . There are seve

2 min Vulnerability Disclosure

March Patch Tuesday Roundup

Since Microsoft is on this new staggered pattern of releases, we can expect a feast or famine every other month...so get used to it. Depending on what side of the desk you sit on you can adjust the context. With that being said, this month's release brought us 3 patches addressing  4 vulnerabilities. I think we were all expecting to see the MHTML [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol handler issue resolved, however it didn't make the cut. Make sure IE is in r

6 min Microsoft

February Patch Tuesday Roundup

I think we all knew this was coming...January's release was just too light. This month Microsoft released 12 updates which address 22 vulnerabilities. There were 3 critical updates this release and 9 important fixes. The honorable mention would have to go to the CSS recursive import fix. MS11-003 - CVE-2010-3971 - This issue affects the way Cascading Style Sheets access memory in IE. By creating a "use-after-free" condition the attacker is given an opportunity to slip in and execute code on the

2 min Patch Tuesday

January Patch Tuesday Roundup

So I know we all were hoping to see a fix for some of this Windows Graphic Rendering Engine nastiness...but no go. For now, you'll need to resort to the good ol' FixIt [http://support.microsoft.com/kb/2490606] option or if you wanna get your hands dirty, you can modify the ACL on shimgvw.dll directly. Either way, if you're running IE, you'll have to patiently wait for the official patch release. So this monthly release was lean-n-mean, Microsoft released (2) bulletins, addressing (3)

1 min Patch Tuesday

November Patch Tuesday Roundup

Microsoft's November Patch Tuesday was fairly light, with only 3 security bulletins covering 11 vulnerabilities; only one bulletin, MS10-087, was rated critical. The bulletin related to an MS Office 2007 and Office 2010 vulnerability which could be exploited by a classic drive-by type attack when a customer views a malicious RTF. As Josh Abraham, Rapid7 security research analyst, noted, the fact that November is fairly light could be a blessing. "Based on the huge amount of patches from last mo

1 min Patch Tuesday

October Patch Tuesday Roundup

Although Microsoft's October patch covers 39 vulnerabilities, there are only 4 critical bulletins. One of the vulnerabilities, covered by bulletin MS10-083, was reported to Microsoft by HD Moore back in 2006. Unfortunately, according to HD Moore, despite the long wait, the fix “does not completely solve the underlying vulnerability, but it does block the easiest routes to exploitation.” In addition, Josh Abraham, one of Rapid7's vulnerability research experts, recommends paying attention to

2 min Patch Tuesday

September Patch Tuesday Roundup

Microsoft's patch for September includes 4 Critical Bulletins and 5 Important Bulletins covering 11 vulnerabilities. A couple of vulnerabilities are worth noting, including: MS10-064, a vulnerability in Microsoft Outlook that allows for Remote Code Execution. This is the classic drive-by malware in which the attacker sends a malicious email message to the victim. Simply by opening the contents of an email, the attacker can gain full control of the victim's machine. Organizations should conduct user aw

2 min Patch Tuesday

August Patch Tuesday Roundup

Microsoft's patch this month, which consists of 14 bulletins that address 34 vulnerabilities, is the largest since October 2009.   With the massive amount of work that lies ahead, it may help to prioritize your work. Josh Abraham, Rapid7 Security Researcher, recommends that you pay particular attention to MS10-054. This vulnerability in the SMB protocol “is potentially the most dangerous vulnerability as it allows unauthenticated attackers to execute arbitrary codes on remote machines.”  Abrah

3 min Patch Tuesday

MS10-046: A rude awakening

Unless you've been living under a rock, you've probably seen some chatter about the Stuxnet worm and the patch now known to the world as MS10-046. This out-of-band patch Microsoft released on Monday plugged a hole in the Windows shell component which handles lnk file parsing. That bug allowed malware authors to piggyback their own malicious code to infect sensitive networks. If you hadn't tasked yourself with reversing the worm to figure out its internals, you'd think that it was exploitin

4 min Patch Tuesday

January Out of Band Microsoft Patch Tuesday Roundup

After a quiet Patch Tuesday last week with only one vulnerability announced, that calm has been followed by a bit of a storm. Here is a quick summary of this month's Microsoft Out of Band Security update ... 1 update, with 8 vulnerabilities covered. Here's the breakdown: MS10-002 [http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx]: Rated Critical. Potential Remote Code Execution, covering 8 vulnerabilities: CVE-2009-4074 [http://www.cve.mitre.org/cgi-bin/cvenam

4 min Patch Tuesday

December Microsoft Patch Tuesday Roundup

Time once again for this month's summary of the latest Microsoft Security updates.  NeXpose (including the free NeXpose Community Edition) users will have coverage within 24 hours or less.  Metasploit already had a module for the IE exposure.  Here's the breakdown ... 6 updates, with 12 vulnerabilities covered. Here's the breakdown: MS09-069: Rated Critical. Potential Denial of Service via ISAKMP through IPsec affecting LSASS, covering 1 vulnerability: CVE-2009-3675. Important to note that W

2 min Patch Tuesday

December Microsoft Patch Tuesday Preview

Sheldon here with a preview of what's coming out in next week's Microsoft Patch Tuesday … 6 updates in total, covering 12 vulnerabilities.  Windows, IE, and Office are affected. Bulletin 1: Remote Code Execution affects all supported Windows versions, rated Important on most, Moderate on XP, and Critical on Server 2008.  This will be the second highest priority out of the Critical updates – particularly if you have deployed Windows Server 2008. Bulletin 2: Remote Code Execution doesn't aff

3 min Microsoft

November Microsoft Patch Tuesday Roundup

Time once again for this month's summary of the latest Microsoft Security updates … 6 updates, with 15 vulnerabilities covered. Here's the breakdown: MS09-063: Rated Critical. Potential Remote Code Execution via Memory Corruption in Web Services on Devices API, covering 1 vulnerability: CVE-2009-2512. Important to note that this one only affects Windows Vista and Server 2008. Also important to note that attackers must be on the local subnet to exploit this vulnerability, so it would either b

4 min Microsoft

October Microsoft Patch Tuesday Roundup

Time for this month's summary of the latest Microsoft Security updates … 13 advisories, with 34 vulnerabilities covered. Here's the breakdown: MS09-050: Rated Critical. Potential Remote Code Execution and Denial of Service in SMBv2, covering 3 vulnerabilities: CVE-2009-2526 (Infinite Loop DoS), CVE-2009-2532 (Command Value Remote Code Exec), and CVE-2009-3103 (Negotiation Remote Code Exec). Important to note that this one was listed as a DoS on NVD while Metasploit and others were insisting

1 min Microsoft

October Microsoft Patch Tuesday Preview

Wow, because the number of bulletins affecting the number of Windows versions is pretty staggering. Windows is taking the most lumps this month.
Wow, because Windows 7 makes its debut in the monthly dance with 5 updates (although only the IE update is critical).
Wow, because Bulletin 13 alone affects the following products across the Microsoft universe:
- Windows 2000 SP4
- Windows XP (SP2 and SP3)
- Windows Server 2003 SP2
- Windows Vista & Vista SP1
- Windows 2008
- Office XP -

1 min Patch Tuesday

Once again, time for a quick summary of this month's Microsoft Security updates...

Five advisories, with eight vulnerabilities covered. Here's the breakdown: MS09-045: Rated Critical. Potential Remote Code Execution in JScript 5.1 on Microsoft Windows 2000 SP4, JScript 5.6/5.7/5.8 on all supported Windows versions except Windows 7 and Server 2008 R2, covering 1 vulnerability: CVE-2009-1920. Important to note that 5.8 is only affected if IE8 is installed and Server 2003/2008 are safe with Enhanced Security Configuration in place. MS09-046: Rated Critical for XP and Windows

3 min Microsoft

July Microsoft Patch Tuesday Roundup

Sheldon here, with a quick summary of this month's Microsoft Security updates … 6 advisories, with 9 vulnerabilities covered. Here's the breakdown: MS09-028: Rated Critical. Potential Remote Code Execution in Microsoft DirectShow. This one has been public for a little while and the advisory covers 3 vulnerabilities: CVE-2009-1537, CVE-2009-1538, and CVE-2009-1539. Important to note that this is focused on DirectShow's interoperability with QuickTime. MS09-029: Rated Critical. Potential Rem