Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release

UDPATE Browser vulnerabilities took center stage in Microsoft’s July Patch Tuesday security bulletin. In all, Microsoft patched 17 bugs rated critical, with ten tied to scripting engine flaws impacting Internet Explorer. In total, Microsoft is reporting 53 bugs: 17 critical, 34 rated important, o...

July Patch Tuesday – Critical browser patches, Lazy FP, Exchange, Adobe vulns

This month's Patch Tuesday is medium in weight, with 54 CVEs containing 17 Criticals. All but two of the Critical vulnerabilities are in Microsoft's browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well. Adobe has also...

A week in security (June 11 – June 17)

Last week on Malwarebytes Labs, we discussed how to protect the online privacy of children, we gave you a spring 2018 overview of exploit kits, rounded up the ongoing discussions about the VPNFilter malware, and discussed the struggles of UK law enforcement with modern-day cybercrime. Other news...

Microsoft Reveals Which Bugs It Won’t Patch

Microsoft has put out initial clarification around which bugs it will rapidly patch, and which ones must wait for a new product release – and which ones it won’t address at all. In a draft document posted online on Tuesday, the software giant laid out the criteria that the Microsoft Security...

Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in...

June Patch Tuesday: Microsoft Issues Critical Fixes for DNS, Cortana

Microsoft has fixed 11 critical bugs in its June Patch Tuesday update, including a Windows DNS-related remote code execution flaw. It also patched an easily exploitable problem in the Cortana voice engine. One of the most serious issues is a critical remote code execution vulnerability...

June Patch Tuesday – New Speculative Store Bypass Fixes, Adobe Vulns

June's Patch Tuesday is lighter weight compared to previous months. In all, 51 unique CVEs are addressed, with 11 CVEs marked as Critical. Adobe also released an out-of-band update for a Flash Player vulnerability last week, which is being actively exploited. Speculative Store Bypass Microsoft...

Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates

It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are...

Microsoft Patch Tuesday - June 2018

Executive Summary Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 50 flaws, with 11 of them rated "critical," and 39 rated "important." These vulnerabilities impa...

Adobe Doles Out Second Round of Higher Priority Patches

A week after issuing updates on Patch Tuesday, Adobe has posted patches for a second slew of 24 critical vulnerabilities, which have a higher risk of being exploited. This week’s crop of vulnerabilities, of which there were 47 overall, impact versions of Adobe’s Acrobat DC Acrobat Reader DC, and...

Microsoft Patches Two Zero-Day Flaws Under Active Attack

It's time to gear up for the latest May 2018 Patch Tuesday. Microsoft has today released security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wild by cybercriminals, and two publicly disclosed bugs. In brief, Microsoft is addressing ...

May Patch Tuesday Fixes Two Bugs Under Active Attack

Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack. The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website. “A user need only visit a...

Microsoft Patch Tuesday, May 2018 Edition

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft's Patch Tuesday -- the second...

May 2018 Patch Tuesday – Medium Weight, However One Active Exploit Needs Attention

This May's Patch Tuesday has quite a few Microsoft fixes for both the OS and browsers. In all, 67 unique CVEs are addressed in 17 KB articles, with 21 CVEs marked Critical. 32 of these CVEs reference Remote Code Execution, 19 of which are Critical. Those who use Hyper-V have some updates to pay...

Microsoft Patch Tuesday - May 2018

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 67 new vulnerabilities, with 21 of them rated critical, 42 of them rated important, and four rated as low...

8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs

A team of security researchers has reportedly discovered a total of eight new "Spectre-class" vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well. Dubbed Spectre-Next Generation, or Spectre-NG, the partial...

Microsoft Issues More Spectre Updates For Intel CPUs

Microsoft has released additional Windows 10 mitigations for the Spectre side-channel flaw revealed in January, with an expanded lineup of firmware microcode updates for Intel CPUs that include the Broadwell and Haswell chipsets. The company released two Windows Update packages addressing Spectre...

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password just by having the target preview an email with a Rich Text Format RTF attachment that contained a remotely hosted OLE object. The bug was patched by Microsoft as part of its April Patch Tuesday fixes, over a...

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft each released critical fixes for their products today, a.k.a "Patch Tuesday," the second Tuesday of every month. Adobe updated its Flash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities in...

Microsoft Fixes 66 Bugs in April Patch Tuesday Release

Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical. Notable is Microsoft’s disclosure of a publicly known SharePoint elevation of privilege bug CVE-2018-1034, rated important, which has no fix but has not been publicly exploited. Microsoft SharePoin...