January 9, 2024 at 05:35PM
Microsoft’s recent Patch Tuesday brought 49 Windows security updates and four high-severity Chrome flaws for Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits were reported.
From the meeting notes:
– Microsoft released a relatively calm Patch Tuesday with 49 Windows security updates, including fixes for two critical-rated bugs and four high-severity Chrome flaws in Microsoft Edge.
– None of the January CVEs are under active exploit, according to Redmond.
– Adobe released one security update for its Substance 3D Stager product that fixes six vulnerabilities, all rated “important,” that could allow memory leaks and arbitrary code execution.
– SAP issued 12 new and updated patches, including three HotNews Notes and four High Priority Notes.
– Cisco released its final update for two privilege escalation CVEs in its Identity Services Engine (ISE) that were originally disclosed in September.
– Google’s January Security Bulletin for Android addresses 59 CVEs, but none of these appear to have been found and exploited by criminals prior to the patches.
Let me know if you need any other specific details or if you have any other requirements.