dcsimg

September 2020 Patch Tuesday—A Higher Count of Critical Vulnerabilities

As we head into September, Microsoft fixed another large chunk of vulnerabilities this month. While none of the “Critical” vulnerabilities appear to be under active attack (at the time of review), there is a higher count of vulnerabilities Microsoft has chosen to label as “Critical”—at least in comparison to the last few months. Read More … [Read more...]

August 2020 Patch Tuesday—No Emergencies but Plenty to Review

This Patch Tuesday follows the 2020 trend of 100+ vulnerabilities, but unlike last month, no major alarm bells to sound. August brings us fixes for 120 unique vulnerabilities, with 17 of them listed as “Critical,” with 97 listed as “Important.” Only a handful are listed as “Low” or “Moderate.” There are, however, a few listed as “Exploitation More Likely,” and one is listed as “Exploitation … [Read more...]

July 2020 Patch Tuesday Update—Not the Largest, But a Few to Pay Attention to Now

I’m beginning to think 100+ vulnerabilities in each Patch Tuesday is the “new normal” for Microsoft, as that’s been the range all year. This July release is important because of a few surprises that need immediate attention. This month there are 123 vulnerabilities fixed, with 18 of them marked “Critical” and 106 marked “Important.” While there are no “Exploit Detected” items as of this writing, … [Read more...]

Rare CVSS 10 Vulnerability Disclosed for Microsoft DNS Servers: Please Read

Be on the lookout for my typical Patch Tuesday blog tomorrow but one particularly stands out that we wanted to let you know about ASAP. As you may have already seen, on July 14, Microsoft disclosed a vulnerability for those running Microsoft DNS servers and/or Active Directory environments, and issued a patch.  Read More … [Read more...]

Is the Business World Ready for DNS Over HTTPS (DoH)? 

DNS is one of the older networking protocols in the modern technology stack. It was first invented in 1983 and was given a standard in 1987 after the … [Read more...]

June 2020 Patch Tuesday Update—Highest CVE count in history

The June patch Tuesday release is another heavy one, meaning the research community keeps finding more vulnerabilities and Microsoft continues to step up and knock them down. In total, 128 unique CVE numbers were fixed—the highest so far. Of those, 11 are marked “Critical” across operating systems, browsers, and one in SharePoint. There are also some very notable “Important” vulnerabilities to pay … [Read more...]

May 2020 Patch Tuesday Update: 111 CVE Numbers Addressed

This month’s Patch Tuesday release contains 111 total CVE numbers addressed, with 16 of them listed as “Critical.” Unlike the past few months, there are no vulnerabilities listed as “Exploit Detected” by Microsoft. The “Critical” vulnerabilities this month affect Windows operating systems, browsers, SharePoint, and Visual Studio Code. Operating systems Read More … [Read more...]

April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed

This month’s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 of them listed as “Critical,” including a fix for a recently announced 0-day vulnerability from March. The “Critical” vulnerabilities affect Windows operating systems, browsers, SharePoint, and Microsoft Dynamics. Three vulnerabilities are listed as “Exploit Detected” this month.  Operating systems Read More … [Read more...]

New 0-Day Vulnerability in Windows Adobe Type Manager Library Exploited in the Wild

Generally, Microsoft announces vulnerabilities when they release patches on their (in)famous Patch Tuesday releases. That usually means bad actors only have a chance to investigate and exploit a vulnerability after the patch is released, leaving a small window of opportunity to use the vulnerability in attacks before systems have the patch applied. Read More … [Read more...]

New 0-Day Vulnerability in Windows Adobe Type Manager Library Exploited in the Wild

Generally, Microsoft announces vulnerabilities when they release patches on their (in)famous Patch Tuesday releases. That usually means bad actors only have a chance to investigate and exploit a vulnerability after the patch is released, leaving a small window of opportunity to use the vulnerability in attacks before systems have the patch applied. Read More … [Read more...]