Microsoft has released July 2020 Security updates, that includes an emergency patch for 'a Wormable' RCE Vulnerability CVE-2020-1350 dubbed "SIGRed" in Window DNS Server.
Microsoft has released two emergency out-of-band Windows Codecs Library patches for multiple Windows 10 and Windows Server versions. The release comes nearly two weeks before the next 'Patch Tuesday' updates scheduled for July 14.
Microsoft has released an out-of-band patch to fix a Windows 10 spatial data service vulnerability. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to privilege escalation.
Microsoft released the June 2020 Security Updates that includes 128 unique vulnerability fixes, 11 of those rated critical. In addition, Adobe patched a Critical vulnerability in Adobe Flash.
TrickBot recently replaced one of its propagation modules "mworm" with new module named "nworm." The updated module can exploit vulnerable domain controllers (DCs) and evade detection by running in memory.
Microsoft released the April 2020 Security Updates that includes 113 unique vulnerability fixes, 18 of those rated critical. The updates also include patches for two Adobe Font Manager zero day vulnerabilities disclosed in March.
Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.
Microsoft issued the December 2019 Security Updates that include 36 unique vulnerability fixes, 7 of those rated critical and 29 rated important. One of the patches addresses a Win32k vulnerability under active attack in the wild.
Microsoft issued the November 2019 Security Updates that include 74 unique vulnerability fixes, 13 of those rated critical. In addition, Microsoft provided guidance for a vulnerability CVE-2019-16863 in Trusted Platform Module (TPM).
Organizations should prioritize getting rid of end-of-support (EOS) software. To assist in that effort, the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an EOS software report list.