Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
Weekly headline count for the current query.
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix.
The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...
Here's a brief reminder to do two things. The first is to patch. The second is to read up why it's a good idea to patch...
No zero-days this month, so you're patching to stay ahead, not merely to catch up!
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.
When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...
Is Secure Boot without the Secure just "Boot"?
Microsoft says "successful exploitation requires uncommon user interaction", but it's the innocent and accidental leakage of private data you should be concerned about.
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash. Microsoft has tried many things over the years to shake that nickname “BSoD”, including changing the background colour used when crash messages appear, adding […]
Lots of lovely patches for your Valentine's Day delight. Get 'em as soon as you can...
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
Get 'em while they're hot. And get 'em for the very last time, if you've still have Windows 7 or 8.1...
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
Return o' the rookit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
How 2022 is your encryption?
Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...
Double-play 0-day in Exchange - what you need to know, and what you can do