Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical "Bad Neighbor" vulnerability and two out-of-band patches.
Apple has released security updates to fix vulnerabilities in macOS Catalina 10.15.7, iCloud for Windows 11.4 and other products.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a new security advisory warning of publicly available exploit code for a Microsoft Netlogon vulnerability CVE-2020-1472. Researchers have dubbed the vulnerability 'Zerologon' that could allow attackers to hijack Windows domain controllers.
Microsoft has released the September 2020 Security updates that includes patches for 129 vulnerabilities, 24 of them rated Critical. Adobe also released updates for Experience Manager, Framemaker and InDesign.
Microsoft has released August 2020 Security updates, that includes a patch for an actively attacked memory corruption vulnerability (CVE-2020-1380) in the Scripting Engine. Adobe also released updates for Adobe Acrobat and Reader, as well as Lightroom.
Microsoft has released July 2020 Security updates, that includes an emergency patch for 'a Wormable' RCE Vulnerability CVE-2020-1350 dubbed "SIGRed" in Window DNS Server.
Microsoft has released two emergency out-of-band Windows Codecs Library patches for multiple Windows 10 and Windows Server versions. The release comes nearly two weeks before the next 'Patch Tuesday' updates scheduled for July 14.
Microsoft has released an out-of-band patch to fix a Windows 10 spatial data service vulnerability. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to privilege escalation.
Microsoft released the June 2020 Security Updates that includes 128 unique vulnerability fixes, 11 of those rated critical. In addition, Adobe patched a Critical vulnerability in Adobe Flash.
TrickBot recently replaced one of its propagation modules "mworm" with new module named "nworm." The updated module can exploit vulnerable domain controllers (DCs) and evade detection by running in memory.