Patch Tuesday Update – May 2024
In this Patch Tuesday edition, Microsoft addressed 59 CVEs: one critical, 57 important, and one moderate. Three are zero-day vulnerabilities, two of which are exploited in the wild. If we include the third-party CVEs documented by Microsoft, the total CVE count rises to 63. Patches cover components from Windows, ...
5 Days to Patch – Did The DBIR Get This Wrong?
Just before RSA, Verizon published its annual Data Breach Investigations Report (DBIR). One of the key findings this year was a 3x increase in vulnerability exploitation as a critical path to initiate a breach. The DBIR researchers also report a sharp decrease in the time between when a critical CVE ...
Balbix Guide to XZ Utils Backdoor
Executive Summary: On March 29, 2024, developer Andres Freund reported the discovery of a backdoor in XZ Utils, affecting v5.6.0 and 5.6.1. XZ Utils, which provides compression tools for the .xz format, is included in a wide range of Linux distributions and projects. Tracked as CVE-2024-3094, this backdoor gives a ...