Wormable Windows Bug Opens Door to DoS, RCE

Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good...

Microsoft Patch Tuesday for May 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Chris Neal. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities across its suite of products, the fewest in any month since January 2020. There are only three critical vulnerabilities patched in this month, while... This is...

May Patch Tuesday Offers Relative Respite

Compared to the previous months of 2021, this month’s Patch Tuesday cycle is a slight lull. Only 55 vulnerabilities were fixed this month, with only four of these classified as Critical...

NSA Discloses Vulnerabilities in Microsoft Exchange

Amongst the 100+ vulnerabilities patch in this months Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA...

This Week in Security News - April 16, 2021

April Patch Tuesday Sets Record High for 2021 and Fed Warns Cyber Threats Pose Danger to U.S Economy...

April 2021 Patch Tuesday – 108 Vulnerabilities, 19 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 108 vulnerabilities, of which 19 are rated critical severity and 88 are rated high severity. Adobe released patches for its Photoshop, Digital Editions, and Bridge products. CVE-2021-28310: Win32k Elevation of Privilege Vulnerability Microsoft releas...

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. In all, Microsoft released patches for 110 security holes, 19 classified critical in severity and 88...

Patch Tuesday - April 2021

Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical...

Microsoft Patch Tuesday for April 2021 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 108 vulnerabilities across its suite of products, the most in any month so far this year. Four new remote code execution vulnerabilities in Microsoft Exchange Server are... Th...

April Patch Tuesday Sets Record High for 2021

April’s Patch Tuesday fixes 114 vulnerabilities in various Microsoft products, a slight increase from March’s 89. This is the most vulnerabilities fixed in a month for 2021 to date, as well as a slight increase from the same month last year...

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up...

Patch Tuesday - March 2021

Another Patch Tuesday 2021-Mar is upon us and with this month comes a whopping 122 CVEs. As usual Windows tops the list of the most patched product. However, this month it’s browser vulnerabilities taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the Exchange Server...

March 2021 Patch Tuesday – 82 Vulnerabilities, 10 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Deskto...

Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

ARCHIVED STORY Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates Eoin Carroll · MAR 09, 2021 Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution RCE with critical CVSS Common...

Microsoft Pulls Bad Windows Update After Patch Issue

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates. Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective...

Threat Source newsletter (Feb. 11, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We have an update on LodaRAT, a trojan we’ve been following for years. This threat has a new version targeting Android devices, looking to infect devices and steal user’s credentials and monitor things like their phone calls and...

Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits

Traditionally the second Tuesday of the month is Microsoft’s “patch Tuesday”. This is the day when they roll out all the available patches for their software, and their operating systems in particular. Since there were no less than 56 patches in this month’s issue we will focus on the most...

Patch Tuesday - February 2021

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month. Vulnerability Breakdown by Software Family Family | Vulnerability Count...

Microsoft Patch Tuesday, February 2021 Edition

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit...

Actively Exploited Windows Kernel Bug Allows Takeover

Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the...