AMD: CVE-2025-54518 CPU OP Cache Corruption

This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for thi...

AMD: CVE-2023-20585 IOMMU Write Buffer Vulnerability

The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide...

Patch Tuesday - September 2025

Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide SUG for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software OSS fixes published...

AMD: CVE-2024-36357 Transient Scheduler Attack in L1 Data Queue

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...

AMD: CVE-2025-36357 Transient Scheduler Attack in L1 Data Queue

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...

AMD: CVE-2024-36350 Transient Scheduler Attack in Store Queue

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protecti...

February 11, 2025—KB5052040 (OS Build 10240.20915) - EXPIRED

February 11, 2025—KB5052040 OS Build 10240.20915 - EXPIRED EXPIRATION NOTICEIMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

Microsoft Releases January 2025 Security Updates

Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates:...

Description of the security update for Office Online Server: November 12, 2024 (KB5002648)

Description of the security update for Office Online Server: November 12, 2024 KB5002648 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-49026. Notes: Th...

Description of the security update for SharePoint Enterprise Server 2016: November 12, 2024 (KB5002654)

Description of the security update for SharePoint Enterprise Server 2016: November 12, 2024 KB5002654 Summary This security update for SharePoint Server provides defense-in-depth updates to help improve security-related features. To learn more about the updates, see Microsoft Advisory ADV240001...

Security Update for Microsoft .NET Core SDK (CVE-2024-38229) (October 2024)

The version of .NET Core SDK installed on the remote host is 8.x prior to 8.0.10. It is, therefore, affected by remote code execution vulnerability as referenced in the October 2024 advisory: - .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-38229 Note that Nessus has not test...

Description of the security update for SharePoint Enterprise Server 2016: October 8, 2024 (KB5002645)

Description of the security update for SharePoint Enterprise Server 2016: October 8, 2024 KB5002645 Summary This security update resolves a Microsoft SharePoint elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

Windows IIS HTTP Protocol Stack Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...

June 11, 2024—KB5039236 (OS Build 25398.950)

June 11, 2024—KB5039236 OS Build 25398.950 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

July 9, 2024—KB5040434 (OS Build 14393.7159) - EXPIRED

July 9, 2024—KB5040434 OS Build 14393.7159 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

CVE-2024-21302

Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...

Microsoft Edge (Chromium-Based) Multiple Spoofing Vulnerabilities - Jun24

Microsoft Edge Chromium-Based is prone to multiple spoofing vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Releases June 2024 Security Updates

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisory and apply the necessary updates...

May 14, 2024—KB5037788 (OS Build 10240.20651) - EXPIRED

May 14, 2024—KB5037788 OS Build 10240.20651 - EXPIRED EXPIRATION NOTICEIMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

May 14, 2024—KB5037763 (OS Build 14393.6981) - EXPIRED

May 14, 2024—KB5037763 OS Build 14393.6981 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...