November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe

This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Ado...

Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Joe Marshall. Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months. Eighteen o...

News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More

The Threatpost editors break down the top security stories of the week ended Oct. 16, including: Patch Tuesday insanity, with Microsoft and Adobe releasing fixes for severe vulnerabilities – including a critical, potentially wormable remote code execution bug known as the “Ping of Death” Barnes a...

Threat Source newsletter (Oct. 15, 2020)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of recommendations for local,...

Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution RCE flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked...

Patch Tuesday - October 2020

Microsoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no Browser-based vulnerabilities to mention and the arrival of a new Adobe Flash vulnerability CVE-2020-9746. Despite this...

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable. There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public...

Microsoft Patch Tuesday, October 2020 Edition

Its Cybersecurity Awareness Month! In keeping with that theme, if you abuse Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means its onc...

October 2020 Patch Tuesday – 87 Vulnerabilities, 11 Critical, SharePoint, TCP/IP Stack, Graphics, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 87 vulnerabilities with 11 of them labeled as Critical. The 11 Critical vulnerabilities cover TCP/IP Stack, SharePoint, Windows Camera Codec Pack, Graphics and several other workstation vulnerabilities. Adobe issued patches today for Adobe Flash...

Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange

I would like to start this post by talking about Microsoft vulnerabilities, which recently turned out to be much more serious than it seemed at first glance. Older Vulnerabilities with exploits "Zerologon" Netlogon RCE CVE-2020-1472 One of them is, of course, the Netlogon vulnerability from the...

Zerologon Attacks Against Microsoft DCs Snowball in a Week

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses. That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug i...

Microsoft Netlogon exploitation continues to rise

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the...

Microsoft Overhauls ‘Patch Tuesday’ Security Update Guide

Microsoft has updated its Security Update Guide, which is used by tens of millions of cybersecurity professionals the second Tuesday of every month, also known as Patch Tuesday. The update, according to Microsoft, is meant to deliver a more intuitive user experience. For its latest update,...

This Week in Security News: Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday and Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about this month’s Patch Tuesday update from Microsoft. Also, learn about Trend Micro’s Worry-Free XDR: a new version of its XDR platfo...

Microsoft's Patch Tuesday Packed with Critical RCE Bugs

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said. The most severe issue in the bun...

September 2020 Patch Tuesday – 129 Vulnerabilities, 23 Critical, SharePoint, Exchange, Windows Codecs, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 129 vulnerabilities with 23 of them labeled as Critical. The 23 Critical vulnerabilities cover SharePoint, Exchange, Dynamics 365, Windows Codecs, and several other workstation vulnerabilities. Adobe released patches today for Experience Manager,...

Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others

This time I would like to review not only the vulnerabilities that were published in the last August Microsoft Patch Tuesday, but also the CVEs that were published on other, not Patch Tuesday, days. Of course, if there are any. But lets start with the vulnerabilities that were presented on MS Pat...

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service RAS in a way i...

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Microsoft has released an out-of-band security update addressing two high-severity elevation-of-privilege EoP bugs. Both flaws exist in a service called Windows Remote Access, which provides remote-access capabilities to client applications on computers running Windows. Of note, both flaws were...

This Week in Security News: Microsoft Patches 120 Vulnerabilities, Including Two Zero-Days and Trend Micro Brings DevOps Agility and Automation to Security Operations Through Integration with AWS Solutions

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about one of Microsoft’s largest Patch Tuesday updates ever, including fixes for 120 vulnerabilities and two zero-days. Also, learn abo...