[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates

On what might seem a relatively calm Patch Tuesday with 55 vulnerabilities being patched, the fact that six of them were rated “Critical” and two of them actively exploited spoils the Zen factor somewhat. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and...

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused t...

November Continues Streak of Quiet Patch Tuesdays

November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November...

Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Tiago Pereira. Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild. November’s security update... This is only the...

Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle

Hello everyone! This episode will be about relatively recent critical vulnerabilities. Lets start with Microsoft Patch Tuesday for October 2021. Specifically, with the vulnerability that I expected there, but it didnt get there. Autodiscover leak discovered by Guardicore Labs "Autodiscover, a...

Threat Source newsletter (Oct. 14, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. It's still Cybersecurity Awareness Month, and what better way to celebrate by patching and then patching some more? This week was Microsoft Patch Tuesday, which only included two critical vulnerabilities, but still... This is only...

Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities

Microsoft Patch Tuesday – October 2021 Microsoft patched 74 vulnerabilities in their October 2021 Patch Tuesday release, of which three are rated as critical severity and four were previously reported as zero-days. Critical Microsoft Vulnerabilities Patched CVE-2021-40449 - Win32k Elevation of...

October Patch Tuesday: 3 Critical Bulletins Among 71

The October Patch Tuesday maintains the relatively peaceful streak from previous months with only 3 bulletins rated as Critical among 71 new vulnerabilities...

October Patch Tuesday: 3 Critical Bulletins Among 71

The October Patch Tuesday maintains the relatively peaceful streak from previous months with only 3 bulletins rated as Critical among 71 new vulnerabilities...

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs

Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers. Microsoft reported a total of 74 vulnerabilities, three...

Patch Tuesday - October 2021

Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike. One vulnerability has...

Microsoft Patch Tuesday for Oct. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 78 vulnerabilities in the company’s various software, hardware and firmware offerings. This month’s release is particularly notable because there are only... This is only th...

MSHTML attack targets Russian state rocket centre and interior ministry

Malwarebytes has reason to believe that the MSHTML vulnerability listed under CVE-2021-40444 is being used to target Russian entities. The Malwarebytes Intelligence team has intercepted email attachments that are specifically targeting Russian organizations. The first template we found is designe...

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

Hello everyone! This time, lets talk about recent vulnerabilities. Ill start with Microsoft Patch Tuesday for September 2021. I created a report using my Vulristics tool. You can see the full report here. The most interesting thing about the September Patch Tuesday is that the top 3 VM vendors...

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure OMI — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the...

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by...

[updated] Patch now! PrintNightmare over, MSHTML fixed, a new horror appears … OMIGOD

The September 2021 Patch Tuesday could be remembered as the final patching attempt in the PrintNightmare… nightmare. The ease with which the vulnerabilities shrugged off the August patches doesn’t look to get a rerun. So far we haven’t seen any indications that this patch is so easy to circumvent...

Patch Tuesday - September 2021

Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Fortunately there are only a few issues rated critical this month with the vast majority of the remainder being rated important. Here’s three big things you can go patch right now. MSHTML Remote...

Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities

Microsoft Patch Tuesday – September 2021 Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as...

Microsoft Patch Tuesday for Sept. 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Holger Unterbrink. Microsoft released its monthly security update Tuesday, disclosing 85 vulnerabilities across the company’s firmware and software. This month’s release is headlined by an official patch for the critical remote code execution... This is onl...