EoP Flaws Again Lead Microsoft Patch Day
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
Security updates fix software weaknesses, reduce exploitable risk, and may address vulnerabilities affecting systems, applications, and devices.
Search across headline titles and summaries.
Background for this topic.
Security updates are vendor-released patches, fixes, or configuration changes that address vulnerabilities and other weaknesses in operating systems, applications, libraries, firmware, cloud services, and network equipment. They may correct exploitable code, tighten security controls, or provide mitigations when a complete fix is not yet available.
For security practitioners, update news informs vulnerability management: assess whether affected assets are deployed, determine exposure and exploitability, prioritize urgent fixes, and verify installation. Applying updates can reduce attack paths such as remote code execution or privilege escalation, but rushed changes can disrupt services, so testing, staged deployment, rollback plans, and compensating controls may be needed. Advisories can also reveal required configuration changes, affected dependencies, or unsupported versions that need replacement.
Weekly headline count for the current query.
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
The company's August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
The security update comes just weeks after the release of iOS 17.4, but Apple has not included CVEs or information about the fixes.
Fixes for more than 100 vulnerabilities affect numerous products including Windows, Office, .Net, and Azure Active Directory, among others.
The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.
The 49 CVE's in Microsoft's May security update is the lowest volume in nearly two years.
Smaller fixes deliver quick improvements for iPhones, iPads, and iMacs between software updates.
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.
July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.
Here are which Microsoft patches to prioritize among the June Patch Tuesday batch.