7 min
Vulnerability Management
Patch Tuesday - October 2021
Today’s Patch Tuesday sees Microsoft issuing fixes
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct] for over 70 CVEs,
affecting the usual mix of their product lines. From Windows, Edge, and Office,
to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for
workstation and server administrators alike.
One vulnerability has already been seen exploited in the wild: CVE-2021-40449
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40449] is
an elev
7 min
Patch Tuesday
Patch Tuesday - September 2021
Microsoft has fixed a total of 60 vulnerabilities this month, including two publicly disclosed 0-days. Here’s three big things you can go patch right now.
6 min
Patch Tuesday
Patch Tuesday - August 2021
Hot off the press, it’s another issue of the Patch Tuesday blog! While the
number of vulnerabilities is low this month, there are a number of high risk
items administrators will want to patch right away including a few that will
require additional remediation steps. This Patch Tuesday also includes updates
for three vulnerabilities that were publicly disclosed earlier this month. Let’s
jump in.
Windows Elevation of Privilege Vulnerability aka HiveNightmare/SeriousSAM
https://msrc.microsoft.com/
9 min
Vulnerability Management
Patch Tuesday - July 2021
Microsoft has patched another 117 CVEs
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul], returning to
volumes seen in early 2021 and most of 2020. It would appear that the recent
trend of approximately 50 vulnerability fixes per month was not indicative of a
slowing pace. This month there were 13 vulnerabilities rated Critical with
nearly the rest being rated Important. Thankfully, none of the updates published
today require additional steps to remediate, so administrators should b
5 min
Vulnerability Management
Patch Tuesday - June 2021
It is another low volume Patch Tuesday this month as Microsoft releases fixes
for 50 vulnerabilities. This should not diminish the importance of speedily
applying the updates. 6 of the vulnerabilities being patched this month are
0-days under active exploitation (CVE-2021-31955
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955],
CVE-2021-31956
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956],
CVE-2021-33739
[https://msrc.microsoft.com/updat
5 min
Patch Tuesday
Patch Tuesday - May 2021
Here we are again with another installment of Patch Tuesday. When compared to
the past few months this one feels a bit light both in severity and number of
vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this
month, less than half of the usual volume, with only 4 of them being scored as
critical. Let's dive into the details.
HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-
4 min
Vulnerability Disclosure
Patch Tuesday Dashboard Template Release
Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these patches is often challenging.
9 min
Patch Tuesday
Patch Tuesday - April 2021
Patch Tuesday is here again and there are more Exchange updates to apply! A
total of 114 vulnerabilities were fixed this month with more than half of them
affecting all versions of Windows, with about half of them being remote code
execution bugs, and about a fifth of them being rated as critical by Microsoft.
Let's dive in!
New Exchange Server Patches Available
If you were only going to patch one thing today, please let it be this. Exchange
Server has been a hot topic since the vulnerabilities
9 min
Vulnerability Management
Patch Tuesday - March 2021
Another Patch Tuesday (2021-Mar
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar]) is upon us and
with this month comes a whopping 122 CVEs. As usual Windows tops the list of
the most patched product. However, this month it’s browser vulnerabilities
taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the
Exchange Server vulnerabilities this month are not to be ignored as more than
half of them have been seen exploited in the wild.
Vulnerability Breakdown by S
7 min
Vulnerability Management
Patch Tuesday - February 2021
The second Patch Tuesday of 2021 is relatively light on the vulnerability count,
with 64 CVEs being addressed across the majority of Microsoft’s product
families. Despite that, there’s still plenty to discuss this month.
Vulnerability Breakdown by Software Family
FamilyVulnerability CountWindows28ESU14Microsoft Office11Browser9Developer Tools
8Microsoft Dynamics2Exchange Server2Azure2System Center2Exploited and Publicly
Disclosed Vulnerabilities
One zero-day was announced: CVE-2021-1732
[https:
7 min
Vulnerability Management
Patch Tuesday - January 2021
We arrive at the first Patch Tuesday of 2021 (2021-Jan
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan]) with 83
vulnerabilities across our standard spread of products. Windows Operating
System vulnerabilities dominated this month's advisories, followed by Microsoft
Office (which includes the SharePoint family of products), and lastly some from
less frequent products such as Microsoft System Center and Microsoft SQL Server.
Vulnerability Breakdown by Software Family
FamilyVulnera
3 min
Vulnerability Management
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved,
Microsoft covers 112 CVEs this November affecting products ranging from our
standard Windows Operating Systems and Microsoft Office products to some new
entries such as Azure Sphere.
Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege
Vulnerability
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087]
Coming as no surprise to anyone, the previously disclosed CVE-2020-17087
zero-day
3 min
Vulnerability Management
Patch Tuesday - September 2020
129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday
(2020-Sep Patch Tuesday)
Despite maintaining the continued high volume of vulnerabilities disclosed and
patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday
is seemingly calm from an operations perspective -- at first glance.
While following standard procedures of scheduling the patching for Windows OSes
up front immediately closes the door against 60%+ of the vulnerabilities being
disclosed this
4 min
Vulnerability Management
Patch Tuesday - August 2020
120 Vulnerabilities Patched in Microsoft's August 2020 Update Tuesday (2020-Aug
Patch Tuesday)
August 2020 brings along patches for 120 vulnerabilities within the standard set
of Microsoft products (Windows, Office, Browsers, and Developer Tools such as
.NET Framework, ASP.NET, and Visual Studio). Among the crowd are two
vulnerabilities: CVE-2020-1464
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464]
, and CVE-2020-1380
[https://portal.msrc.microsoft.com/en-US/s
3 min
Vulnerability Management
Patch Tuesday - June 2020
June 2020's Microsoft Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun]
gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses
CVE-2020-9633
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010]
-- a high severity remote code execution vulnerability). While the consistently
high volume of vulnerabilities being addressed each month is alarming at times,
there is a sense of peace in the steps Micros