Microsoft Patch Tuesday, March 2022 Edition

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few "critical" fixes. And yet we know from experienc...

Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 71 the following vulnerabilities in their March 2022 Patch Tuesday Update. This advisory briefs about six vulnerabilities out of which three of them have been rated critical in severity and three of them ar...

Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms

Microsoft's Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others. Of the total 71 patches, three are rated Critical and 68 are rated Important in severity...

Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday

Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update – only three of which are rated critical in severity. The other 68 are all rated “important.” Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been...

Microsoft Patch Tuesday for March 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Edmund Brumaghin. Microsoft released another relatively light security update Tuesday, disclosing 71 vulnerabilities, including fixes for issues in Azure and the Office suite of products. March’s Patch Tuesday only included two critical vulnerabilities, which is notable... This...

Microsoft Patch Tuesday February 2022

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2022. I release it pretty late, because of the my previous big episode about the blindspots in the Knowledge Bases of Vulnerability Scanners. Please take a look if you havent seen it. Well, if you are even slightly...

Microsoft Patch Tuesday addresses a zero-day vulnerability in Windows Kernel

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Microsoft addressed 51 vulnerabilities in the February 2022 patch Tuesday release, one of which was classified as a zero-day vulnerability. A remote attacker could exploit some of these vulnerabilities to gain control of a...

Microsoft and Other Major Software Firms Release February 2022 Patch Updates

Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated...

Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical

Microsoft Patch Tuesday – February 2022 Microsoft addresses 70 vulnerabilities in their February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle have been assigned as critical risk, several have been given a High risk rating CVSSv3.1 score of...

Patch Tuesday - February 2022

Today’s fixes from Microsoft are relatively light as far as Patch Tuesdays go. This is the first month in possibly forever where no vulnerabilities are considered Critical. A total of 70 CVEs were fixed today including 22 that affect the Chromium browser engine, which is used by Edge. Although 16...

No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day

Oh, blessed day: Microsoft’s Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches — none of them rated critical. For February, Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web...

Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse

Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on...

CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug

CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency CISA announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating ...

CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882...

The Bug Report - January 2022 Edition

The Bug Report - January 2022 By Trellix · February 2, 2022 This story was written by Kevin McGrath Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Omicron is the 15th letter in the Greek alphabet, used by Donald Knuth to denote Big-O notation, represented zero...

The Bug Report - January 2022 Edition

The Bug Report - January 2022 By Trellix · February 2, 2022 This story was written by Kevin McGrath Your Cybersecurity Comic Relief Image courtesy of https://toggl.com/ Why am I here? Omicron is the 15th letter in the Greek alphabet, used by Donald Knuth to denote Big-O notation, represented zero...

Apply those updates now: CVE bypass offers up admin privileges for Windows 10

If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as soon as possible. Bleeping Computer reports that a researcher has come up with a bypass for an older bug, which could serve up some major headaches if left to fester. Those headaches will...

Public Exploit Released for Windows 10 Bug

Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...

Celebrating 20 Years of Trustworthy Computing

20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing TwC initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...

Celebrating 20 Years of Trustworthy Computing

20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing TwC initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees. Gates’ memo...