Microsoft has released its monthly security update, addressing 142 vulnerabilities across its product suite and software. One of these vulnerabilities is already being exploited in the wild. The vulnerabilities were fixed as part of Microsoft’s monthly bug fix release, widely known as “Patch Tuesday”. Microsoft Fixed 3 Critical Flaws in Patch Tuesday In the most… Continue reading Microsoft Fixes 3 Critical Vulnerabilities in July Patch Tuesday, One Exploited
Tag: Patch Tuesday
Critical vulnerability in Office fixed, but macOS update is delayed
As part of the January Patch Tuesday, Microsoft engineers fixed a critical vulnerability in Office that could allow attackers to remotely run malicious code on vulnerable systems. The RCE vulnerability identified as CVE-2022-21840 can be exploited on target devices with even the lowest privileges and in simple attacks that require user interaction. Basically, the user… Continue reading Critical vulnerability in Office fixed, but macOS update is delayed
Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware
Cybersecurity researchers published an exploit for Windows that allows escalating privileges
Bleeping Computer reported that cybersecurity researcher has published an exploit for a new zero-day vulnerability that can be used to escalate local privileges in all supported versions of Windows, including Windows 10, Windows 11 and Windows Server 2022. The journalists write that they have already tried the exploit in action and were able to open… Continue reading Cybersecurity researchers published an exploit for Windows that allows escalating privileges
Microsoft fixes 81 bugs, including vulnerability under attacks
Microsoft has released updates for its products: in total, this month the company fixed 74 bugs (81 if to include vulnerabilities in Microsoft Edge), three of which are classified as critical, four have the status of zero-day vulnerabilities, and one problem has already been adopted by hackers. Of the four 0-day vulnerabilities under attack, there… Continue reading Microsoft fixes 81 bugs, including vulnerability under attacks
Microsoft releases patches for 44 vulnerabilities, including three 0-days
As part of Patch Tuesday this week, Microsoft released patches for 44 vulnerabilities (51 including bugs in Microsoft Edge), seven of which were classified as critical, three were 0-day, and one was already under attack. Patches released this month: .NET Core and Visual Studio, ASP.NET Core and Visual Studio, Azure, Windows Update, Windows Print Spooler… Continue reading Microsoft releases patches for 44 vulnerabilities, including three 0-days
Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
As part of July Patch Tuesday, Microsoft fixed (released patches) for 117 vulnerabilities, of which 13 were classified as critical. That is, the July set of patches is twice as large as the May and June “Patch Tuesday” combined. This time, bugs were fixed in products such as Microsoft Office, SharePoint, Excel, Microsoft Exchange Server,… Continue reading Microsoft patches 117 vulnerabilities, including 9 zero-day vulnerabilities
Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue
As part of June Patch Tuesday, 50 vulnerabilities in Microsoft products were fixed, including six 0-day vulnerabilities in Windows. Vulnerabilities that have been patched were found in Microsoft Office, .NET Core and Visual Studio, Edge browser, Windows Cryptographic Services, SharePoint, Outlook and Excel. Six zero-day vulnerabilities that were already under attack were also addressed, with… Continue reading Six 0-day vulnerabilities fixed in Windows, including a commercial exploit issue
IIS bug with worm potential poses a threat to WinRM servers
As part of the May “Patch Tuesday” Microsoft has fixed a dangerous bug with worm potential in Internet Information Services (IIS), which received the identifier CVE-2021-31166. Last week, many researchers and information security companies wrote that this vulnerability is one of the most serious problems fixed this month (9.8 out of 10 on the CVSS… Continue reading IIS bug with worm potential poses a threat to WinRM servers
On June “Patch Tuesday” Microsoft fixed 129 vulnerabilities in its products
“Patch Tuesday” this month became the largest in the history of Microsoft: were fixed at once 129 vulnerabilities. March 2020 with 115 corrections is in second place, and 113 corrections in April 2020 arein a third place. 100 absolutely “ridiculous” Microsoft patches were presented in February “Patch Tuesday”, but among them was the sensational 0-day… Continue reading On June “Patch Tuesday” Microsoft fixed 129 vulnerabilities in its products