9 min
Vulnerability Management
Patch Tuesday - March 2021
Another Patch Tuesday (2021-Mar
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Mar]) is upon us and
with this month comes a whopping 122 CVEs. As usual Windows tops the list of
the most patched product. However, this month it’s browser vulnerabilities
taking the second place, outnumbering Office vulnerabilities 3:1! Lastly, the
Exchange Server vulnerabilities this month are not to be ignored as more than
half of them have been seen exploited in the wild.
Vulnerability Breakdown by S
7 min
Vulnerability Management
Patch Tuesday - February 2021
The second Patch Tuesday of 2021 is relatively light on the vulnerability count,
with 64 CVEs being addressed across the majority of Microsoft’s product
families. Despite that, there’s still plenty to discuss this month.
Vulnerability Breakdown by Software Family
FamilyVulnerability CountWindows28ESU14Microsoft Office11Browser9Developer Tools
8Microsoft Dynamics2Exchange Server2Azure2System Center2Exploited and Publicly
Disclosed Vulnerabilities
One zero-day was announced: CVE-2021-1732
[https:
7 min
Vulnerability Management
Patch Tuesday - January 2021
We arrive at the first Patch Tuesday of 2021 (2021-Jan
[https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan]) with 83
vulnerabilities across our standard spread of products. Windows Operating
System vulnerabilities dominated this month's advisories, followed by Microsoft
Office (which includes the SharePoint family of products), and lastly some from
less frequent products such as Microsoft System Center and Microsoft SQL Server.
Vulnerability Breakdown by Software Family
FamilyVulnera
3 min
Vulnerability Management
Patch Tuesday - November 2020
Jumping right back to a triple digit volume of vulnerabilities resolved,
Microsoft covers 112 CVEs this November affecting products ranging from our
standard Windows Operating Systems and Microsoft Office products to some new
entries such as Azure Sphere.
Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege
Vulnerability
[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087]
Coming as no surprise to anyone, the previously disclosed CVE-2020-17087
zero-day
3 min
Vulnerability Management
Patch Tuesday - September 2020
129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday
(2020-Sep Patch Tuesday)
Despite maintaining the continued high volume of vulnerabilities disclosed and
patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday
is seemingly calm from an operations perspective -- at first glance.
While following standard procedures of scheduling the patching for Windows OSes
up front immediately closes the door against 60%+ of the vulnerabilities being
disclosed this
4 min
Vulnerability Management
Patch Tuesday - August 2020
120 Vulnerabilities Patched in Microsoft's August 2020 Update Tuesday (2020-Aug
Patch Tuesday)
August 2020 brings along patches for 120 vulnerabilities within the standard set
of Microsoft products (Windows, Office, Browsers, and Developer Tools such as
.NET Framework, ASP.NET, and Visual Studio). Among the crowd are two
vulnerabilities: CVE-2020-1464
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464]
, and CVE-2020-1380
[https://portal.msrc.microsoft.com/en-US/s
3 min
Vulnerability Management
Patch Tuesday - June 2020
June 2020's Microsoft Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jun]
gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses
CVE-2020-9633
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010]
-- a high severity remote code execution vulnerability). While the consistently
high volume of vulnerabilities being addressed each month is alarming at times,
there is a sense of peace in the steps Micros
2 min
Vulnerability Management
Patch Tuesday - May 2020
Microsoft's fifth Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May]
of the year brings us fixes for 111 different security issues, just a touch
under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/]
but still on the higher side of their typical volume. No 0-days to speak of, and
no vulnerabilities that had been publicly disclosed before today.
The bulk of this month's fixes, as well as most of the critical ones, are fo
2 min
Vulnerability Management
Patch Tuesday - April 2020
Global working-from-home routines haven't slowed down Microsoft and its ability
to help close up vulnerabilities in their products. This April Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr]
(WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's
not the highest we've seen, but it is still an impressive spread of fixes coming
in this month with a fair number resolving SharePoint and Office vulnerabilities
along with the
2 min
Vulnerability Management
Patch Tuesday - March 2020
Let's start off talking about CVE-2020-0688
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688]
from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At
the time it was published February 11, 2020, the vulnerability had not seen
active exploitation. As of March 9, 2020, there were increasing reports of
activity
[https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/]
happening on unpatched Exchange
3 min
Patch Tuesday
Patch Tuesday - February 2020
A relatively modest 99-vulnerability February Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb]
has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674]
(originally ADV200001
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001])
announced back on January 17. Fortunately, that is the only vulnerability
reported this month th
3 min
Vulnerability Management
Patch Tuesday - January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour
[https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would
be fixing a severe vulnerability in a fundamental cryptographic library. It
turns out that the issue in question is indeed serious, and was reported to
Microsoft by the NSA: CVE-2020-0601
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601]
is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC)
c
2 min
Patch Tuesday
Patch Tuesday - December 2019
Today we come to the end of 2019's monthly Microsoft Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec]
(also known as Update Tuesday). This Christmas, Microsoft presents us with 36
vulnerabilities (that's two less than this time last year!) and no new
vulnerabilities from Adobe for Adobe Flash.
Unfortunately, despite a light month, there's still action to be taken.
CVE-2019-1458
[https://portal.msrc.microsoft.com/en-US/security-guidance/advis
3 min
Patch Tuesday
Patch Tuesday - November 2019
November's Patch Tuesday is upon us and, this month, Microsoft addressed 74
vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429]
) has been seen under active exploitation. By prioritizing the released
Microsoft Windows and Internet Explorer patches, the door to 58 of the 74
vulnerabilities will be closed off. Also, for the second month in a row, this
Patch Tuesday sees an absent security upd
2 min
Patch Tuesday
Patch Tuesday - October 2019
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573]
is mainly notable in that there isn't a whole lot to note, which is a change of
pace. No 0-days, no vulnerabilities that had been publicly disclosed already,
and nothing that could allow worms to proliferate. And nothing from Adobe
[https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's
nothing to do: Microsoft still published 59 CVE