Posts tagged Patch Tuesday

4 min Vulnerability Management

Patch Tuesday - August 2020

120 Vulnerabilities Patched in Microsoft's August 2020 Update Tuesday (2020-Aug Patch Tuesday) August 2020 brings along patches for 120 vulnerabilities within the standard set of Microsoft products (Windows, Office, Browsers, and Developer Tools such as .NET Framework, ASP.NET, and Visual Studio).  Among the crowd are two vulnerabilities: CVE-2020-1464 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464] , and CVE-2020-1380 [https://portal.msrc.microsoft.com/en-US/s

3 min Vulnerability Management

Patch Tuesday - July 2020

100+ vulnerabilities patched during Patch Tuesdays the new norm Another 123 CVEs are covered this month from Microsoft for the 2020-Jul Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul] .  In addition to our usual suspects like Windows, Internet Explorer/Microsoft Edge, and Microsoft Office this Patch Tuesday addresses several developer-type tools such as .NET Framework, Visual Studio Code ESLint extension along with various Open Source Software

3 min Vulnerability Management

Patch Tuesday - June 2020

June 2020's Microsoft Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun] gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses CVE-2020-9633 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010] -- a high severity remote code execution vulnerability).  While the consistently high volume of vulnerabilities being addressed each month is alarming at times, there is a sense of peace in the steps Micros

2 min Vulnerability Management

Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May] of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/] but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today. The bulk of this month's fixes, as well as most of the critical ones, are fo

2 min Vulnerability Management

Patch Tuesday - April 2020

Global working-from-home routines haven't slowed down Microsoft and its ability to help close up vulnerabilities in their products. This April Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr] (WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's not the highest we've seen, but it is still an impressive spread of fixes coming in this month with a fair number resolving SharePoint and Office vulnerabilities along with the

2 min Vulnerability Management

Patch Tuesday - March 2020

Let's start off talking about CVE-2020-0688 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688] from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity [https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/] happening on unpatched Exchange

3 min Patch Tuesday

Patch Tuesday - February 2020

A relatively modest 99-vulnerability February Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb] has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674] (originally ADV200001 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001]) announced back on January 17.  Fortunately, that is the only vulnerability reported this month th

3 min Vulnerability Management

Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour [https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601] is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) c

2 min Patch Tuesday

Patch Tuesday - December 2019

Today we come to the end of 2019's monthly Microsoft Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec] (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash. Unfortunately, despite a light month, there's still action to be taken. CVE-2019-1458 [https://portal.msrc.microsoft.com/en-US/security-guidance/advis

3 min Patch Tuesday

Patch Tuesday - November 2019

November's Patch Tuesday is upon us and, this month, Microsoft addressed 74 vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429] ) has been seen under active exploitation. By prioritizing the released Microsoft Windows and Internet Explorer patches, the door to 58 of the 74 vulnerabilities will be closed off. Also, for the second month in a row, this Patch Tuesday sees an absent security upd

2 min Patch Tuesday

Patch Tuesday - October 2019

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573] is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe [https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's nothing to do: Microsoft still published 59 CVE

2 min Patch Tuesday

Patch Tuesday - September 2019

Today Microsoft released fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573] for 79 separate security flaws, affecting products across much of their portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1214] and CVE-2019-1215 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215] are both privilege

2 min Patch Tuesday

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d] : Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep [/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/] vulnerability (CVE-2019-0708 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708] ) that was patched last May. CVE-2019-11

2 min Patch Tuesday

Patch Tuesday - July 2019

Patch Tuesday for July 2019 is on the heavier side as far as they go, with Microsoft fixing 77 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573] in total. Microsoft also published an advisory [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190021] describing a cross-site scripting vulnerability in the on-premise edition of Outlook for web (previously known as Outlook Web App), but instead of

2 min Patch Tuesday

Patch Tuesday - June 2019

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573] , the highest count so far this year. Nothing this month seems "wormable" like the BlueKeep [https://www.rapid7.com/db/?q=CVE-2019-0708] vulnerability patched in May, and none of them have been seen exploited in the wild. However, four elevation of privilege vulnerabilities had been previo