Posts tagged Patch Tuesday

2 min Patch Tuesday

Patch Tuesday - August 2019

First off, the big news for today's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d] : Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities, reminiscent of the BlueKeep [/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/] vulnerability (CVE-2019-0708 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708] ) that was patched last May. CVE-2019-11

3 min Patch Tuesday

Patch Tuesday - March 2019

Today Microsoft released updates [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d] that resolve over 60 different vulnerabilities. As usual, Windows, web browsers, and SharePoint Server are all affected. Office gets off relatively lightly with only a single vulnerability fixed (CVE-2019-0748 [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748] , a remote code execution (RCE) vulnerability in the Acces

2 min Patch Tuesday

Patch Tuesday - February 2019

Microsoft got back in the swing of things today after a couple of relatively light months, with over 70 separate CVEs [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573] being addressed. The usual suspects got patches, including Windows, Office, Browsers (including Adobe Flash [https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]), .NET Framework, SharePoint, Exchange, and another slew of JET Database Engi

5 min Haxmas

HaXmas Review: 12 Patch Tuesdays a-Patching

Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.

2 min Patch Tuesday

Patch Tuesday - October 2018

This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.

3 min Patch Tuesday

Patch Tuesday - September 2018

More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).

2 min Patch Tuesday

Patch Tuesday - August 2018

Microsoft's updates this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573] address over 60 vulnerabilities, 20 of which are classified as Critical. As usual, most of this month's fixes are browser-related, and nearly half of the flaws could lead to remote code execution (RCE). Patches for Exchange, SQL Server, and Microsoft Office were also released. Two of this month's vulnerabilities have already been seen exploited in th

2 min Patch Tuesday

Patch Tuesday - June 2018

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573] is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by Microsoft. However, a bit of excitement came earlier this month, with an out-of-band patch for Adobe Flash Player released last Thursday [https://helpx.adobe.com/security/products/flash-player/apsb18-19.html] to fix four security issues. Two of these were flaws that can lead

3 min Patch Tuesday

Patch Tuesday - April 2018

Over 70 vulnerabilities have been fixed this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d] , including 6 in Adobe Flash [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007] ( APSB18-08 [https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once ag

2 min Patch Tuesday

Patch Tuesday - March 2018

There are a lot of fixes this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d] : Microsoft's updates include patches for 76 separate vulnerabilities, including two critical Adobe Flash Player remote code execution (RCE) vulnerabilities [https://helpx.adobe.com/security/products/flash-player/apsb18-05.html]. In fact all of this month's critical vulnerabilities are browser-related. This is not surprising considering web brows

2 min Patch Tuesday

Patch Tuesday - February 2018

It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual CVEs have been fixed [https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft, most of which (34) are rated "Important". As usual, most of the 14 considered "Critical" are web browser vulnerabilities that could lead to remote code execution (RCE). The most concerning non-browser issue is CVE-2018-0825 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825] , an RCE i

3 min Patch Tuesday

Patch Tuesday - January 2018

The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat [https://www.freebsd.org/news/newsflash.html#event20180104:01]) coordinated disclosure of the Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft releases their OS updates as monolithi

6 min Haxmas

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12 months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only eleven months this year, thanks to Microsoft canceling [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] most of February’s planned fixes. This coincided with when they’d planned to [https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/] roll out their

2 min Patch Tuesday

Patch Tuesday - December 2017

No big surprises from Microsoft this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6] , with 70% of the 34 vulnerabilities addressed being web browser defects. Most of these are Critical Remote Code Execution (RCE) vulnerabilities, so administrators should prioritize patching client workstations. It doesn't take sophisticated social engineering tactics to convince most users to visit a malicious web page, or a legitimate but

1 min Patch Tuesday

Patch Tuesday - November 2017

Web browser issues account for two thirds of this month's patched vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99] , with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these are classified as Critical (allowing code execution without user interaction). This is no surprise, as browser bugs are typically well represented on Patch Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie