Following the relatively light list from last month, November proved to be a much more eventful month for Microsoft users. The November Patch Tuesday holds more fixes with a total of 74 patches, 13 of which were classified as Critical patches for remote code execution (RCE) vulnerabilities. The remaining majority were rated as Important and included patches for Windows graphics components and Microsoft SharePoint, among others.
Read More October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability. The Important bulletins fixed several issues, including NTLM and Microsoft IIS server vulnerabilities.
Read More Critical patches covered in the release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, namely assigned as CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113. Elevation of privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were reported as being exploited, have also been patched.
Read More Microsoft’s June Patch Tuesday announced the release of 88 vulnerability patches in this month’s security bulletin, as well as four advisories and one servicing stack update. Four of the critical patches included in the release are fixes for the zero-days SandboxEscaper previously disclosed.
Read More Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one separately posted as a mitigating update addressing an imminent “wormable” threat.
Read More