2 min
Patch Tuesday
Patch Tuesday - August 2019
First off, the big news for today's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d]
: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities,
reminiscent of the BlueKeep
[/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/]
vulnerability (CVE-2019-0708
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708]
) that was patched last May. CVE-2019-11
3 min
Patch Tuesday
Patch Tuesday - March 2019
Today Microsoft released updates
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d]
that resolve over 60 different vulnerabilities. As usual, Windows, web browsers,
and SharePoint Server are all affected. Office gets off relatively lightly with
only a single vulnerability fixed (CVE-2019-0748
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0748]
, a remote code execution (RCE) vulnerability in the Acces
2 min
Patch Tuesday
Patch Tuesday - February 2019
Microsoft got back in the swing of things today after a couple of relatively
light months, with over 70 separate CVEs
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573]
being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including
Adobe Flash
[https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]),
.NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
5 min
Haxmas
HaXmas Review: 12 Patch Tuesdays a-Patching
Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.
2 min
Patch Tuesday
Patch Tuesday - October 2018
This month's patches from Microsoft include fixes for 50 distinct vulnerabilities.
3 min
Patch Tuesday
Patch Tuesday - September 2018
More than 60 vulnerabilities were addressed by this month's patches, including CVE-2018-15967 (a privilege escalation/information disclosure vulnerability in Adobe Flash Player).
2 min
Patch Tuesday
Patch Tuesday - August 2018
Microsoft's updates this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573]
address over 60 vulnerabilities, 20 of which are classified as Critical. As
usual, most of this month's fixes are browser-related, and nearly half of the
flaws could lead to remote code execution (RCE). Patches for Exchange, SQL
Server, and Microsoft Office were also released.
Two of this month's vulnerabilities have already been seen exploited in th
2 min
Patch Tuesday
Patch Tuesday - June 2018
This month's Patch Tuesday
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573]
is rather run-of-the-mill, with a total of 50 vulnerabilities being addressed by
Microsoft. However, a bit of excitement came earlier this month, with an
out-of-band patch for Adobe Flash Player released last Thursday
[https://helpx.adobe.com/security/products/flash-player/apsb18-19.html] to fix
four security issues. Two of these were flaws that can lead
3 min
Patch Tuesday
Patch Tuesday - April 2018
Over 70 vulnerabilities have been fixed this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d]
, including 6 in Adobe Flash
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007] (
APSB18-08
[https://helpx.adobe.com/security/products/flash-player/apsb18-08.html]).
At a high level, there's nothing too out of the ordinary. Unfortunately, that
means the majority of the patched vulnerabilities are once ag
2 min
Patch Tuesday
Patch Tuesday - March 2018
There are a lot of fixes this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d]
: Microsoft's updates include patches for 76 separate vulnerabilities, including
two critical Adobe Flash Player remote code execution (RCE) vulnerabilities
[https://helpx.adobe.com/security/products/flash-player/apsb18-05.html].
In fact all of this month's critical vulnerabilities are browser-related. This
is not surprising considering web brows
2 min
Patch Tuesday
Patch Tuesday - February 2018
It's a run-of-the-mill month as far as Patch Tuesdays go. Even so, 50 individual
CVEs have been fixed
[https://helpx.adobe.com/security/products/acrobat/apsb18-02.html] by Microsoft,
most of which (34) are rated "Important". As usual, most of the 14 considered
"Critical" are web browser vulnerabilities that could lead to remote code
execution (RCE). The most concerning non-browser issue is CVE-2018-0825
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0825]
, an RCE i
3 min
Patch Tuesday
Patch Tuesday - January 2018
The first Microsoft patches of 2018 came early, with new updates released late
Wednesday, January 3rd. Although this was due to the (somewhat
[https://www.freebsd.org/news/newsflash.html#event20180104:01]) coordinated
disclosure of the Meltdown and Spectre
[/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/]
vulnerabilities, last week’s updates also contained fixes for 33 additional
CVEs. These days, Microsoft releases their OS updates as monolithi
6 min
Haxmas
HaXmas Review: A Year of Patch Tuesdays
Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12
months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only
eleven months this year, thanks to Microsoft canceling
[https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/]
most of February’s planned fixes. This coincided with when they’d planned to
[https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/]
roll out their
2 min
Patch Tuesday
Patch Tuesday - December 2017
No big surprises from Microsoft this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6]
, with 70% of the 34 vulnerabilities addressed being web browser defects. Most
of these are Critical Remote Code Execution (RCE) vulnerabilities, so
administrators should prioritize patching client workstations. It doesn't take
sophisticated social engineering tactics to convince most users to visit a
malicious web page, or a legitimate but
1 min
Patch Tuesday
Patch Tuesday - November 2017
Web browser issues account for two thirds of this month's patched
vulnerabilities
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99]
, with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these
are classified as Critical (allowing code execution without user interaction).
This is no surprise, as browser bugs are typically well represented on Patch
Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie