In this Patch Tuesday edition, Microsoft addressed 72 CVEs, including 1 Zero-Day, 16 Criticals, 54 Important and 1 Moderate—the one Zero-Day was found to be actively exploited in the wild. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted for 23%, followed by Remote Code Execution (RCE) at 38% ... Read More

Every week, IT and security teams gather – be it in a virtual conference room or a cramped huddle space – prepared to spend an hour or two wincing at massive lists of “Critical” and “High” severity vulnerabilities. The vulnerability management tools have done their job, dutifully regurgitating every fresh ... Read More

In this Patch Tuesday edition, Microsoft addressed 117 CVEs, including 5 Zero-Days, 3 Criticals, 113 Important and 1 Moderate. Two of the 5 Zero-Days are actively exploited in the wild. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted for 23%, followed by Remote Code Execution (RCE) at 38% ... Read More

In this Patch Tuesday edition, Microsoft addressed 79 CVEs, including 4 Zero-Days, 7 Criticals, 71 Important and 1 Moderate. Out of the 4 Zero-Days, 3 are actively exploited in the wild. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted for 38%, followed by Remote Code Execution (RCE) at ... Read More

In this Patch Tuesday edition, Microsoft addressed 101 CVEs, 89 Microsoft CVEs and 12 non-Microsoft CVEs. Seven are Critical, and 77 are Important. Ten are zero-days, with six exploited in the wild. Patches cover Windows DNS, Secure Boot, Kernel, Security Center, Smart Screen, App Installer, Scripting and Office components. From ... Read More

In this Patch Tuesday edition, Microsoft addressed 49 CVEs across its entire portfolio of products. One was marked Critical and 48 Important. No zero-days and none of them exploited in the wild. If we include the third-party CVEs documented by Microsoft, the total CVE count rises to 51. Patches cover ... Read More

In this Patch Tuesday edition, Microsoft addressed 59 CVEs, one critical, 57 important, and one moderate. Three are for zero-day vulnerabilities, two of which are exploited in the wild. If we include the third-party CVEs documented by Microsoft, the total CVE count rises to 63. Patches cover components from Windows, ... Read More

Just before RSA, Verizon published its annual Data Breach Investigations Report (DBIR). One of the key findings this year was a 3x increase in vulnerability exploitation as a critical path to initiate a breach. The DBIR researchers also report a sharp decrease in the time between when a critical CVE ... Read More

Executive Summary On March 29, 2024, developer Andres Freund reported the discovery of a backdoor in XZ Utils, affecting v5.6.0 and 5.6.1. XZ Utils, which provides compression tools for the .xz format, is included in a wide range of Linux distributions and projects. Tracked by CVE-2024-3094, this backdoor gives a ... Read More