2 min
Vulnerability Management
Patch Tuesday - May 2020
Microsoft's fifth Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-May]
of the year brings us fixes for 111 different security issues, just a touch
under what we saw from them last month [/2020/04/14/patch-tuesday-april-2020/]
but still on the higher side of their typical volume. No 0-days to speak of, and
no vulnerabilities that had been publicly disclosed before today.
The bulk of this month's fixes, as well as most of the critical ones, are fo
2 min
Vulnerability Management
Patch Tuesday - April 2020
Global working-from-home routines haven't slowed down Microsoft and its ability
to help close up vulnerabilities in their products. This April Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr]
(WFH-edition), Microsoft has knocked 113 vulnerabilities out of the park. It's
not the highest we've seen, but it is still an impressive spread of fixes coming
in this month with a fair number resolving SharePoint and Office vulnerabilities
along with the
2 min
Vulnerability Management
Patch Tuesday - March 2020
Let's start off talking about CVE-2020-0688
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688]
from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At
the time it was published February 11, 2020, the vulnerability had not seen
active exploitation. As of March 9, 2020, there were increasing reports of
activity
[https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/]
happening on unpatched Exchange
3 min
Patch Tuesday
Patch Tuesday - February 2020
A relatively modest 99-vulnerability February Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb]
has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674]
(originally ADV200001
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001])
announced back on January 17. Fortunately, that is the only vulnerability
reported this month th
3 min
Vulnerability Management
Patch Tuesday - January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour
[https://twitter.com/wdormann/status/1216763957446422528] that Microsoft would
be fixing a severe vulnerability in a fundamental cryptographic library. It
turns out that the issue in question is indeed serious, and was reported to
Microsoft by the NSA: CVE-2020-0601
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601]
is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC)
c
2 min
Patch Tuesday
Patch Tuesday - December 2019
Today we come to the end of 2019's monthly Microsoft Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec]
(also known as Update Tuesday). This Christmas, Microsoft presents us with 36
vulnerabilities (that's two less than this time last year!) and no new
vulnerabilities from Adobe for Adobe Flash.
Unfortunately, despite a light month, there's still action to be taken.
CVE-2019-1458
[https://portal.msrc.microsoft.com/en-US/security-guidance/advis
3 min
Patch Tuesday
Patch Tuesday - November 2019
November's Patch Tuesday is upon us and, this month, Microsoft addressed 74
vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429]
) has been seen under active exploitation. By prioritizing the released
Microsoft Windows and Internet Explorer patches, the door to 58 of the 74
vulnerabilities will be closed off. Also, for the second month in a row, this
Patch Tuesday sees an absent security upd
2 min
Patch Tuesday
Patch Tuesday - October 2019
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573]
is mainly notable in that there isn't a whole lot to note, which is a change of
pace. No 0-days, no vulnerabilities that had been publicly disclosed already,
and nothing that could allow worms to proliferate. And nothing from Adobe
[https://helpx.adobe.com/security.html]. Of course, that doesn't mean there's
nothing to do: Microsoft still published 59 CVE
2 min
Patch Tuesday
Patch Tuesday - August 2019
First off, the big news for today's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d]
: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities,
reminiscent of the BlueKeep
[/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/]
vulnerability (CVE-2019-0708
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708]
) that was patched last May. CVE-2019-11
3 min
Patch Tuesday
Patch Tuesday - March 2019
Today Microsoft released updates
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d]
that resolve over 60 different vulnerabilities. As usual, Windows, web browsers,
and SharePoint Server are all affected. Office gets off relatively lightly with
only a single vulnerability fixed (CVE-2019-0748
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748]
, a remote code execution (RCE) vulnerability in the Acces
2 min
Patch Tuesday
Patch Tuesday - February 2019
Microsoft got back in the swing of things today after a couple of relatively
light months, with over 70 separate CVEs
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573]
being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including
Adobe Flash
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]),
.NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
5 min
Haxmas
HaXmas Review: 12 Patch Tuesdays a-Patching
Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.
2 min
Patch Tuesday
Patch Tuesday - October 2018
This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.
3 min
Patch Tuesday
Patch Tuesday - September 2018
More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).
2 min
Patch Tuesday
Patch Tuesday - August 2018
Microsoft's updates this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573]
address over 60 vulnerabilities, 20 of which are classified as Critical. As
usual, most of this month's fixes are browser-related, and nearly half of the
flaws could lead to remote code execution (RCE). Patches for Exchange, SQL
Server, and Microsoft Office were also released.
Two of this month's vulnerabilities have already been seen exploited in th