Microsoft has released their monthly security bulletin—colloquially known as Patch Tuesday—for September. The most important update is one that addresses a zero-day vulnerability that exploits Microsoft Word to potentially allow attackers to execute code on the target system remotely.Read More
Microsoft has released their monthly security bulletin with 48 security patches—25 of which are labeled Critical, 21 are Important, and two are Moderate in severity. This was a standard batch of updates, addressing issues in Internet Explorer, Microsoft Edge, Windows, Microsoft SharePoint, Adobe Flash Player and Microsoft SQL Server.
A majority of the critical CVEs are Scripting Engine Memory Corruption Vulnerabilities, which is not surprising. Since April of this year, we’ve been seeing a steady increase in vulnerabilities for the Scripting Engine. Typically, in a web-based attack scenario, an attacker would leverage Scripting Engine vulnerabilities to create a malicious website and then maneuver users to visit the site. This current batch of critical vulnerabilities could result in remote code execution if exploited successfully.Read More
Last month’s Patch Tuesday highlighted updates for older Windows versions to address vulnerabilities responsible for the WannaCry outbreak. This July, Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities – including one in the augmented reality sphere.Read More
Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP—an operating system it had stopped supporting in 2014.Read More
Microsoft addresses a zero-day vulnerability that exploits the Microsoft Malware Protection Engine before May’s Patch Tuesday.Read More