In this month’s patch Tuesday, Microsoft has released patches for more than 70 vulnerabilities, including a suspected Advanced Persistent Threat (APT)-related critical privilege escalation in the Win32 driver (CVE-2021-40449), which is currently being exploited in the wild.
Microsoft has released security updates as part of its monthly Patch Tuesday to urgently address 66 security flaws, three of which are critical, including an actively exploited remote code execution in MSHTML (CVE-2021-40444).
Microsoft has published an advisory with a workaround in mitigating an unpatched vulnerability in Microsoft Office (CVE-2021-40444).
Though technical details were released just recently, researchers warn of exploit attempts for a patched security vulnerability in MS Exchange Server (CVE-2021-33766 aka ProxyToken).
In this month’s Patch Tuesday, Microsoft rolled out security updates to resolve seven critical and 37 other vulnerabilities in its products and services, including an actively exploited zero day, PrintNightmare and PetitPotam.
Microsoft rolls out fixes for a total of 117 security bugs (13 rated as critical), including nine zero days, four of which are said to be in the wild with high possibility of remote take over from attackers when exploited.
Microsoft has released an emergency out-of-band security update to patch the PrintNightmare zero-day vulnerability (CVE_2021-34527), which affects the Windows Print Spooler service.
Microsoft urges Azure users to install security updates for the PowerShell command-line tool to address a critical remote code execution (RCE) vulnerability impacting .NET Core (CVE-2021-26701).
Microsoft researchers have disclosed new critical vulnerabilities involving Netgear DGN2200v1 series routers, which they claim could be an access point for identity theft leading to full system compromise.
Microsoft has addressed a bug that was causing the Edge browser to crash or stop responding when watching videos or reading comments in Youtube.
Popular CMS WordPress has announced the availability of version 5.7.2. The short cycle security release should address vulnerabilities between versions 3.7 to 5.7 including an object injection vulnerability in PHPMailer (CVE-2020-36326 and CVE-2018-19296).
This Tuesday, Microsoft released security updates to fix 55 vulnerabilities, and three zero-day vulnerabilities (CVE_2021-23204, CVE-2021-31207, CVE-2021-31200), which were publicly disclosed but are not rumoured to be exploited in the wild.
Microsoft’s enterprise version of its Windows 10 Defender antivirus now comes with a feature for blocking cryptojacking malware leveraging on Intel’s Thread Detection Technology (TDT).
Microsoft paused KB5001649 cumulative update rollout due to reported installation and crash issues. With this, Windows 10 device users were recommended to use the previously released KB5001567 emergency update instead.
In the light of the ongoing attacks on Exchange Servers, Microsoft has released a mitigation tool to aid organisations that lack IT and security support. The portable tool is meant to serve as an interim mitigation for those who are not familiar with the patching process as well as those that haven’t rolled out the security updates yet.
A new ransomware called DearCry is deployed by threat actors after they hack into Microsoft Exchange Servers using the recently announced ProxyLogon zero days (CVE-2021-26855, CVE-2021-26857, CVE-2021-26578, CVE-2021-27065).