12 min
Vulnerability Management
Patch Tuesday - November 2024
4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.
13 min
Vulnerability Management
Patch Tuesday - October 2024
5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl o-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.
10 min
Patch Tuesday
Patch Tuesday - September 2024
4 zero-days. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT critical RCEs.
15 min
Patch Tuesday
Patch Tuesday - August 2024
Heavy-hitting edition of PT with 10 zero-days. Windows Downdate downgrade attack, Windows WinSock EoP, Windows Kernel EoP, MotW bypass, and several others.
11 min
Vulnerability Management
Patch Tuesday - July 2024
Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild.
7 min
Patch Tuesday
Patch Tuesday - June 2024
MSMQ RCE again. Office malicious file RCEs. SharePoint RCE. DNSSEC NSEC3 DoS.
8 min
Patch Tuesday
Patch Tuesday - May 2024
Zero-days in DWM, MSHTML, and Visual Studio. SharePoint critical post-auth RCE. Remote Access repatch. Mobile Broadband USB vulns.
13 min
Patch Tuesday
Patch Tuesday - April 2024
One late-breaking zero-day vuln. Defender for IoT critical RCEs. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE and Vector String Source to advisories.
8 min
Vulnerability Management
Patch Tuesday - March 2024
No zero-day vulns this month. A single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.
9 min
Patch Tuesday
Patch Tuesday - February 2024
Windows SmartScreen & Internet Shortcut EitW. Office Protected Mode bypass. Exchange critical elevation of privilege.
7 min
Patch Tuesday
Patch Tuesday - January 2024
Hyper-V critical RCE. Office FBX 3D model vuln. SharePoint RCE. Critical Kerberos MitM. No zero-days. Smallest January PT for several years.
6 min
Vulnerability Management
Patch Tuesday - December 2023
AMD divide-by-zero-day information disclosure. No-interaction MSHTML Outlook critical RCE. Double ICS critical RCE. Fewer patches for fewer products than usual.
9 min
Patch Tuesday
Patch Tuesday - November 2023
Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.NET. Overall fewer patches than usual. cURL patch.
12 min
Patch Tuesday
Patch Tuesday - October 2023
Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.
8 min
Patch Tuesday
Patch Tuesday - September 2023
A relatively light month. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.