Posts tagged Patch Tuesday

3 min Patch Tuesday

Patch Tuesday - September 2018

More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).

2 min Patch Tuesday

Patch Tuesday - August 2018

Microsoft's updates this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573] address over 60 vulnerabilities, 20 of which are classified as Critical. As usual, most of this month's fixes are browser-related, and nearly half of the flaws could lead to remote code execution (RCE). Patches for Exchange, SQL Server, and Microsoft Office were also released. Two of this month's vulnerabilities have already been seen exploited in th
2 min Patch Tuesday

Patch Tuesday - June 2018

This month's Patch Tuesday [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573] is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by Microsoft. However, a bit of excitement came earlier this month, with an out-of-band patch for Adobe Flash Player released last Thursday [https://helpx.adobe.com/security/products/flash-player/apsb18-19.html] to fix four security issues. Two of these were flaws that can lead

3 min Patch Tuesday

Patch Tuesday - April 2018

Over 70 vulnerabilities have been fixed this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d] , including 6 in Adobe Flash [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007] ( APSB18-08 [https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]). At a high level, there's nothing too out of the ordinary. Unfortunately, that means the majority of the patched vulnerabilities are once ag
2 min Patch Tuesday

Patch Tuesday - March 2018

There are a lot of fixes this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d] : Microsoft's updates include patches for 76 separate vulnerabilities, including two critical Adobe Flash Player remote code execution (RCE) vulnerabilities [https://helpx.adobe.com/security/products/flash-player/apsb18-05.html]. In fact all of this month's critical vulnerabilities are browser-related. This is not surprising considering web brows
2 min Patch Tuesday

Patch Tuesday - February 2018

It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual CVEs have been fixed [https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft, most of which (34) are rated "Important". As usual, most of the 14 considered "Critical" are web browser vulnerabilities that could lead to remote code execution (RCE). The most concerning non-browser issue is CVE-2018-0825 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825] , an RCE i
3 min Patch Tuesday

Patch Tuesday - January 2018

The first Microsoft patches of 2018 came early, with new updates released late Wednesday, January 3rd. Although this was due to the (somewhat [https://www.freebsd.org/news/newsflash.html#event20180104:01]) coordinated disclosure of the Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] vulnerabilities, last week’s updates also contained fixes for 33 additional CVEs. These days, Microsoft releases their OS updates as monolithi
6 min Haxmas

HaXmas Review: A Year of Patch Tuesdays

Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12 months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only eleven months this year, thanks to Microsoft canceling [https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/] most of February’s planned fixes. This coincided with when they’d planned to [https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/] roll out their
2 min Patch Tuesday

Patch Tuesday - December 2017

No big surprises from Microsoft this month [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6] , with 70% of the 34 vulnerabilities addressed being web browser defects. Most of these are Critical Remote Code Execution (RCE) vulnerabilities, so administrators should prioritize patching client workstations. It doesn't take sophisticated social engineering tactics to convince most users to visit a malicious web page, or a legitimate but
1 min Patch Tuesday

Patch Tuesday - November 2017

Web browser issues account for two thirds of this month's patched vulnerabilities [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99] , with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these are classified as Critical (allowing code execution without user interaction). This is no surprise, as browser bugs are typically well represented on Patch Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie
2 min Patch Tuesday

Patch Tuesday - October 2017

Patch Tuesday round-up for October 2017
1 min Patch Tuesday

Patch Tuesday - September 2017

It's a big month, with Microsoft patching [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99] 85 separate vulnerabilities including the two Adobe Flash Player Remote Code Execution [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013] (RCE) fixes bundled with the Edge and Internet Explorer 11 updates. Continuing recent trends, the bulk of Critical RCE vulnerabilities are client-side, primarily in Edge, IE,

2 min Microsoft

Patch Tuesday - June 2017

This month sees another spate of critical fixes [https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99] from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these are already known to be exploited in the wild ( CVE-2017-8543 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543] and CVE-2017-8464 [https://portal.msrc.microsoft.com/en-US/security-guidance/advis
2 min Microsoft

Patch Tuesday - May 2017

It's a relatively light month as far as Patch Tuesdays go, with Microsoft issuing fixes for a total of seven vulnerabilities as part of their standard update program. However, an eighth, highly critical vulnerability (CVE-2017-0290 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290] ) that had some of the security community buzzing over the weekend was also addressed [https://technet.microsoft.com/en-us/library/security/4022344] late Monday evening. A flaw in the

5 min Microsoft

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM [https://www.rapid7.com/products/insightvm/] was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed

Popular Topics

Tags