Microsoft May 2021 Security Updates include fixes for 4 Critical and 3 zero-day vulnerabilities

Microsoft has released the May 2021 Security updates that includes patches for 55 vulnerabilities, 4 of those rated Critical. The updates also include fixes for 3 zero-day flaws.

Continue Reading Microsoft May 2021 Security Updates include fixes for 4 Critical and 3 zero-day vulnerabilities

Microsoft February 2021 Security Updates, warns of Win32k Privilege Escalation vulnerability exploited in wild (updated)

Microsoft has released the February 2021 Security updates that includes patches for 56 vulnerabilities, 11 of those rated Critical. Moreover, the tech giant warned of a Win32k Privilege Escalation vulnerability CVE-2021-1732 exploited in wild.

Continue Reading Microsoft February 2021 Security Updates, warns of Win32k Privilege Escalation vulnerability exploited in wild (updated)

SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)

SolarWinds has released an updated security advisory on SUPERNOVA malware, a separate threat vector from the previously reported supply chain cyberattack that was based on SUNBURST backdoor malware. The update now includes new information on 0-day CVE-2020-10148 and PoC demo.

Continue Reading SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated)

Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical "Bad Neighbor" vulnerability and two out-of-band patches.

Continue Reading Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated)

Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability)

Microsoft issued the January 2020 Security Updates that include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI Spoofing vulnerability CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch this Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.

Continue Reading Microsoft January 2020 Security Updates (includes fix for Windows CryptoAPI vulnerability)