November 13, 2024 at 11:36AM Microsoft’s November 2024 Patch Tuesday addressed 89 vulnerabilities, including four zero-days, with two actively exploited. Key fixes involve critical flaws in remote code execution and privilege escalation. Other notable updates were shared by Adobe, Cisco, and Google. Comprehensive vulnerability details are outlined in the full report. ### Meeting Takeaways – … Read more
November 12, 2024 at 08:32PM Microsoft’s recent Patch Tuesday update addressed 89 security flaws, including two under active attack. Vulnerabilities CVE-2024-49039 and CVE-2024-43451 enable privilege escalation and account impersonation, respectively. Additionally, severe flaws in Azure and .NET products could lead to remote code execution. CISA highlighted an increase in zero-day exploitations throughout 2023. ### Meeting … Read more
November 12, 2024 at 02:04PM Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical flaws and two actively exploited zero-days. Notable vulnerabilities include NTLM Hash Disclosure and Windows Task Scheduler issues. The update also highlights fixes for other major products and features from various vendors, ensuring enhanced security across systems. ### Meeting Takeaways … Read more
September 10, 2024 at 02:23PM Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and 21H2, including 6 fixes and security updates fixing 142 vulnerabilities. Users can install it manually or schedule an update time. It addresses various issues, including Bluetooth and BitLocker bugs. However, there are issues with account profile pictures and … Read more
August 13, 2024 at 02:44PM Today, Microsoft’s August 2024 Patch Tuesday addresses 89 flaws with security updates, including six actively exploited and three publicly disclosed zero-days. Additionally, Microsoft is in the process of addressing a tenth publicly disclosed zero-day. Based on the meeting notes, the key takeaways are: – It is Microsoft’s August 2024 Patch … Read more
July 9, 2024 at 03:03PM Microsoft released a large set of updates to address security vulnerabilities in the Windows environment. They warned of active exploitation of a Windows Hyper-V privilege escalation bug and a Windows MSHTML Platform spoofing vulnerability. These vulnerabilities represent only a portion of the 143 documented bugs, with five rated as critical. … Read more
June 12, 2024 at 06:16PM Symantec’s threat hunters suspect Black Basta ransomware gang exploited a Windows privilege escalation bug, CVE-2024-26169, before Microsoft’s patch. Symantec’s analysis suggests the ransomware could have been compiled pre-patch, allowing “at least one group” to exploit the vulnerability as a zero-day. The ransomware gang, tracked as Storm-1811, used social engineering attacks … Read more
April 9, 2024 at 02:00PM Microsoft has released the KB5036893 cumulative update for Windows 11 23H3, featuring 29 changes and enabling Moment 5 features for all users. It’s mandatory for April 2024 security updates fixing sixty vulnerabilities. The update can be installed via Windows Update or Microsoft Update Catalog and includes multiple enhancements and fixes. … Read more
March 13, 2024 at 02:03AM Microsoft released a monthly security update addressing 61 vulnerabilities, including 2 critical issues in Windows Hyper-V with potential for denial-of-service and remote code execution. None of the flaws were publicly known or under active attack, but updates were also made to the Chromium-based Edge browser. Other vendors have also released … Read more
March 12, 2024 at 06:13PM Microsoft’s March Patch Tuesday update addresses 60 unique CVEs, with only two rated as “critical”. Both affect Windows Hyper-V: CVE-2024-21407, a remote code execution (RCE) bug, and CVE-2024-21408, a denial-of-service (DoS) vulnerability. The update also includes fixes for 18 RCE and two dozen elevation-of-privilege vulnerabilities, requiring immediate attention. Notably, this … Read more