Welcome to the final second Tuesday of the year. As expected, Microsoft and Adobe have released their latest security updates and fixes. Take a break from your holiday preparations and join us as we review the details of the latest security patches. Microsoft Patches for December 2022 In this month’s Patch Tuesday, Microsoft released 52 … Continue reading “The December 2022 Patch Tuesday Security Update Review”
Tag: microsoft
Microsoft Patch Tuesday, November 2022 Edition: 65 New Vulnerabilities Patched, 6 Zero-days, and 10 Rated as Critical
Microsoft has released security updates for 65 new vulnerabilities in its November 2022 Patch Tuesday Edition. The security update also addressed six actively exploited zero-day vulnerabilities. Out of the 65 vulnerabilities, 10 are rated as critical that include privilege elevation, spoofing, remote code execution, and other severe types of vulnerabilities. This month’s security updates also … Continue reading “Microsoft Patch Tuesday, November 2022 Edition: 65 New Vulnerabilities Patched, 6 Zero-days, and 10 Rated as Critical”
Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as Critical
Microsoft has released security updates for 84 vulnerabilities in its October 2022 Patch Tuesday Edition. The security updates addressed two zero-days with one actively exploited in attacks (CVE-2022-41033) and one publicly disclosed (CVE-2022-41043). Out of the 84 vulnerabilities, 13 are rated critical (privilege elevation, spoofing, remote code execution, and other severe types of vulnerabilities). … Continue reading “Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as Critical”
Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)
Vietnamese cybersecurity outfit GTSC has reported two critical vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 via the Zero-day initiative (ZDI-CAN-18333 and ZDI-CAN-18802). The first flaw (CVE-2022-41040) is a Server-Side Request Forgery (SSRF) vulnerability. The second flaw (CVE-2022-41082) allows remote code execution (RCE) when PowerShell is accessible to the attacker. Microsoft has mentioned in … Continue reading “Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)”
Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition
Microsoft has released security updates for 79 vulnerabilities in its September 2022 Patch Tuesday Edition. This month’s security updates also addressed two zero-days (CVE-2022-37969 and CVE-2022-23960). Microsoft mentioned in the advisory that CVE-2022-37969 is being exploited in the wild. Out of the 79 vulnerabilities, five are rated critical (CVE-2022-35805, CVE-2022-34700, CVE-2022-34722, CVE-2022-34721, and CVE-2022-34718). Microsoft also … Continue reading “Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition”
Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday
Microsoft has released its August 2022 Patch Tuesday edition in which 121 vulnerabilities are fixed. The security update addresses two zero-day vulnerabilities (CVE-2022-34713, CVE-2022-30134), one of which is being exploited in the wild (CVE-2022-34713). Out of the 121 vulnerabilities, 17 are rated critical as they allow remote code execution and elevate privileges. Microsoft also included … Continue reading “Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday”
Microsoft Patches 84 Vulnerabilities Including One Zero-day and Four Critical in the July 2022 Patch Tuesday
Microsoft has released fixes for 84 security flaws in its July 2022 edition of Patch Tuesday. This month’s update includes a fix for one zero-day (CVE-2022-22047). Out of the 84 vulnerabilities, four are rated as critical. All the critical vulnerabilities are Remote Code Execution (RCE). Microsoft also released two Microsoft Edge (Chromium-Based) security updates earlier … Continue reading “Microsoft Patches 84 Vulnerabilities Including One Zero-day and Four Critical in the July 2022 Patch Tuesday”
Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)
Cybersecurity researchers from Palo Alto Networks Unit 42 have discovered a new vulnerability in Microsoft’s Service Fabric – commonly used with Azure. Tracked as CVE-2022-30137, the vulnerability could allow a malicious actor with access to a compromised container to escalate privileges and gain control of the resource’s host Service Fabric node and the entire cluster. … Continue reading “Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)”
Microsoft Releases Patches for the Intel Processor MMIO Stale Data Vulnerabilities in June 2022 Patch Tuesday
Microsoft has covered the memory-mapped I/O vulnerabilities known as Processor MMIO Stale Data Vulnerabilities that was published by Intel on June 14, 2022. These vulnerabilities are: CVE-2022-21123 – Shared Buffer Data Read (SBDR) CVE-2022-21125 – Shared Buffer Data Sampling (SBDS) CVE-2022-21127 – Special Register Buffer Data Sampling Update (SRBDS Update) CVE-2022-21166 – Device Register Partial Write (DRPW) … Continue reading “Microsoft Releases Patches for the Intel Processor MMIO Stale Data Vulnerabilities in June 2022 Patch Tuesday”
Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday
Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”