Posts by Greg Wiseman

6 min Patch Tuesday

Patch Tuesday - June 2022

Patches for Follina, more NFS and LDAP vulnerabilities, and the beginning of the end for IE11.

7 min Vulnerability Management

Patch Tuesday - May 2022

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem.

11 min Vulnerability Management

Patch Tuesday - April 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.

8 min Vulnerability Management

Patch Tuesday - March 2022

March 2022's Patch Tuesday sees Microsoft addressing 71 CVEs (excluding Chromium/Edge), 3 of which are considered Critical.

6 min Vulnerability Management

Patch Tuesday - February 2022

February 2022's fixes from Microsoft are relatively light as far as Patch Tuesdays go.

10 min Patch Tuesday

Patch Tuesday - January 2022

The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today. This includes two Remote Code Execution (RCE) vulnerabilities in open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947 [https://msrc.microsoft.com/update-

7 min Vulnerability Management

Patch Tuesday - December 2021

This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228.

8 min InsightVM

Using InsightVM to Find Apache Log4j CVE-2021-44228

How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.

4 min InsightVM

InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning

Scan Diagnostics will report a “vulnerable” result against assets when the Scan Engine is supplied with credentials but unable to gather local information.

7 min Vulnerability Management

Patch Tuesday - October 2021

Today’s Patch Tuesday sees Microsoft issuing fixes [https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct] for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike. One vulnerability has already been seen exploited in the wild: CVE-2021-40449 [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40449] is an elev

7 min Vulnerability Management

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month.

Vulnerability Breakdown by Software Family

Family: Vulnerability Count
Windows: 28
ESU: 14
Microsoft Office: 11
Browser: 9
Developer Tools: 8
Microsoft Dynamics: 2
Exchange Server: 2
Azure: 2
System Center: 2

Exploited and Publicly Disclosed Vulnerabilities

One zero-day was announced: CVE-2021-1732 [https:

2 min Vulnerability Management

Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May] of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/] but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today. The bulk of this month's fixes, as well as most of the critical ones, are fo

5 min Vulnerability Management

How to Measurably Reduce False Positive Vulnerabilities by Up To 22%

Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.

3 min Vulnerability Management

Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour [https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601] is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) c

2 min Patch Tuesday

Patch Tuesday - October 2019

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573] is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe [https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's nothing to do: Microsoft still published 59 CVE