Stay informed on Patch Tuesday updates with the latest security patches and advisories for a safer computing environment.
Search across headline titles and summaries.
Background for this topic.
Patch Tuesday is a recurring event on the second Tuesday of each month when Microsoft releases security patches for its software products. It's a significant date for information security as these patches address vulnerabilities that could be exploited by cyber attackers.
In the context of information security, Patch Tuesday is critical because it provides fixes for security holes that could be used for data breaches, ransomware, and other malicious activities. System administrators and cybersecurity professionals pay close attention to these updates to ensure systems are promptly and adequately protected against known security threats. By regularly applying these patches, organizations can maintain a stronger security posture and mitigate the risk of cyber attacks that could compromise their data and systems.
Weekly headline count for the current query.
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild.
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors.
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates