Patch Tuesday Archives - Cyber Security Minute

Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)

Issued by: Help Net Security

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain…

Network Security

July 2022 Patch Tuesday forecast: A summertime lull?

Issued by: Help Net Security

June 2022 Patch Tuesday wrapped up a few loose ends we were waiting on. The Follina remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) was fixed. Internet Explorer came to a quiet end in most versions of the Windows 10 operating system. And finally, the Phase 2 update for CVE-2021-26414, the…

Vulnerabilities

2020 to reach vulnerability disclosure levels similar to those in 2019

Issued by: Help Net Security

The number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021, according to Risk Based Security. The team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a 4.6% gap when compared to last year. However, earlier in 2020 that gap was instead a…

Software Security

July 2020 Patch Tuesday forecast: Will the CVE trend continue?

Issued by: Help Net Security

Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates have been down; we haven’t seen Exchange…

Vulnerabilities

Microsoft Patches Several Publicly Disclosed Flaws

Issued by: Security Week

Microsoft’s December 2016 Patch Tuesday updates include a total of 12 critical and important security bulletins that resolve vulnerabilities in Windows, Office, Internet Explorer and Edge. Several of the vulnerabilities patched this week have already been publicly disclosed. For instance, the critical bulletin MS16-144 fixes eight remote code execution, security bypass and information disclosure flaws….