Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
February 14, 2023Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild.
ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
January 31, 2023Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended.
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)
January 10, 2023Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.
CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability
December 21, 2022Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible.
Microsoft’s December 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)
December 13, 2022Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).
Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)
November 8, 2022Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild.
Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
October 11, 2022Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws.
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
October 7, 2022Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
September 30, 2022Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.
Microsoft’s September 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-37969)
September 13, 2022Microsoft addresses 62 CVEs in its September 2022 Patch Tuesday release, including five critical flaws.
Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)
August 9, 2022Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws.
Microsoft’s July 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-22047)
July 12, 2022Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild.