Posts by Adam Barnett

13 min Vulnerability Management

Patch Tuesday - October 2024

5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl o-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.

10 min Patch Tuesday

Patch Tuesday - September 2024

4 zero-days. Servicing Stack Win 10 1507 rollback; MotW LNK stomping bypass; Windows Installer EoP; Publisher macro bypass. SharePoint & Windows NAT critical RCEs.

15 min Patch Tuesday

Patch Tuesday - August 2024

Heavy-hitting edition of PT with 10 zero-days. Windows Downdate downgrade attack, Windows WinSock EoP, Windows Kernel EoP, MotW bypass, and several others.

7 min Patch Tuesday

Patch Tuesday - June 2024

MSMQ RCE again. Office malicious file RCEs. SharePoint RCE. DNSSEC NSEC3 DoS.

8 min Patch Tuesday

Patch Tuesday - May 2024

Zero-days in DWM, MSHTML, and Visual Studio. SharePoint critical post-auth RCE. Remote Access repatch. Mobile Broadband USB vulns.

13 min Patch Tuesday

Patch Tuesday - April 2024

One late-breaking zero-day vuln. Defender for IoT critical RCEs. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE and Vector String Source to advisories.

8 min Vulnerability Management

Patch Tuesday - March 2024

No zero-day vulns this month. A single critical RCE: Hyper-V guest escape. Exchange malicious DLL RCE. SharePoint ACE. Azure Kubernetes Service Confidential Containers. Windows 11 compressed folders.

9 min Patch Tuesday

Patch Tuesday - February 2024

Windows SmartScreen & Internet Shortcut EitW. Office Protected Mode bypass. Exchange critical elevation of privilege.

7 min Patch Tuesday

Patch Tuesday - January 2024

Hyper-V critical RCE. Office FBX 3D model vuln. SharePoint RCE. Critical Kerberos MitM. No zero-days. Smallest January PT for several years.

6 min Vulnerability Management

Patch Tuesday - December 2023

AMD divide-by-zero-day information disclosure. No-interaction MSHTML Outlook critical RCE. Double ICS critical RCE. Fewer patches for fewer products than usual.

9 min Patch Tuesday

Patch Tuesday - November 2023

Zero day vulns in SmartScreen, DWM, Cloud Files mini driver, Office Protected View, ASP.NET. Overall fewer patches than usual. cURL patch.

12 min Patch Tuesday

Patch Tuesday - October 2023

Zero-day vulns in WordPad, Skype for Business, and ASP.NET. 12 critical RCEs. Last public security updates for Windows Server 2012, 2012 R2 and Windows 11 21H2.

8 min Patch Tuesday

Patch Tuesday - September 2023

A relatively light month. Word NTLM hash disclosure. Streaming Service Proxy elevation to SYSTEM. Internet Connection Sharing critical RCE.

9 min Vulnerability Management

Patch Tuesday - August 2023

ASP.NET zero-day vuln. Teams malicious meetings. MSMQ critical RCE. Patches & a makeover for last month's unpatched zero-day vuln.

12 min Vulnerability Management

Patch Tuesday - July 2023

Five zero-day vulns, including an Office maldoc attack with no patch yet and a SmartScreen bypass. Eight critical RCEs, and 130 total vulns. Busier than recent months.