Patch Tuesday - March 2024

Microsoft is addressing 60 vulnerabilities this March 2024 Patch Tuesday. Microsoft indicated that they aren’t aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today, which means no new additions to CISA KEV at time of writing. Microsoft is...

Microsoft and Adobe Patch Tuesday, March 2024 Security Update Review

Welcome to another insightful dive into Microsofts Patch Tuesday! This months security updates address a significant number of CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches...

Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

For the second month in 2024, there are no actively exploited vulnerabilities included in this months security update from Microsoft. Marchs Patch Tuesday is relatively light, containing 60 vulnerabilities -- only two labeled "critical." Last months Patch Tuesday included more than 70 security...

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 CVSS score: 7.8, which can permit an...

Attacks, Vulnerabilities and Actors 12 to 18 February 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, five vulnerabilities were uncovered, and three active adversaries we...

Akamai’s Perspective on February’s Patch Tuesday 2024

...

Microsoft’s February 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities

Summary: Microsofts February 2024 Patch Tuesday addresses 73 vulnerabilities, including actively exploited zero-days, spanning various products like Office, Exchange Server, and Windows Kernel. Critical flaws in Windows SmartScreenCVE-2024-21351, Internet Shortcut FilesCVE-2024-21412, and Microso...

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 CVSS score: 9.8, the issue has been...

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

Microsoft and Adobe Patch Tuesday, February 2024 Security Update Review

The new Microsoft Patch Tuesday Edition for February 2024 is now live! We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for February 2024 Microsoft Patch Tuesdays February 2024 edition addressed 79 vulnerabilities, including...

First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities

Microsoft followed up one of the lightest recent Patch Tuesdays in January with a large release of vulnerabilities on Tuesday, although still far from numbers seen in the past. In all, Februarys security update from Microsoft includes 75 vulnerabilities, three of which are considered critical...

Active Exploitation of Two Critical Flaws in Microsoft SharePoint

Summary: Active attacks targeting a critical Microsoft SharePoint Server vulnerability CVE-2023-29357 pose a severe risk, enabling privilege escalation for potential full administrator access. This flaw, coupled with CVE-2023-24955, allows arbitrary code execution. Immediate patching is crucial, ...

Akamai’s Perspective on January’s Patch Tuesday 2024

...

Exploit for Untrusted Search Path in Microsoft

Privilege escalation using the XAML diagnostics API CVE-2023-...

Microsoft’s January 2024 Patch Tuesday Addresses 49 Vulnerabilities

Summary: Microsofts January 2024 Patch Tuesday addressed 49 vulnerabilities, including two critical ones, covering various products. Notably, a high-risk Kerberos security flaw CVE-2024-20674 and a network-adjacent Hyper-V vulnerability CVE-2024-20700 were patched, urging prompt updates to mitiga...

Patch now! First patch Tuesday of 2024 is here

Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches—and only two of them critical—this makes it a relatively quiet month, which is certainly not the norm in January. The Common Vulnerabilities and Exposures CVE...

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at...

Patch Tuesday - January 2024

Microsoft is addressing 49 vulnerabilities this January 2024 Patch Tuesday, including a single critical remote code execution vulnerability. Four browser vulnerabilities were published separately this month, and are not included in the total. No zero-day vulnerabilities are published or patched...

Microsoft and Adobe Patch Tuesday, January 2024 Security Update Review

The first edition of the Microsoft Patch Tuesday for 2024 is now live! Microsoft has released fewer than usual security fixes in this months update. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft Patch Tuesday for January 2024 Microsoft...

Microsoft starts off new year with relatively light Patch Tuesday, no zero-days

Microsoft followed up one of the lightest recent Patch Tuesdays in December with another month of no zero-day vulnerabilities and only two critical issues. Many of the companys monthly security updates in 2023 included vulnerabilities that were actively being exploited in the wild or had publicly...