Security News

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. "The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.

Intel needs its own box for its bugs.... Intel dumped more than 30 security advisories on the world today, with updates and mitigations for folks to install or follow. Vulnerabilities in the Intel Media SDK can be exploited to gain privileges or crash software.

We counted 75 CVE-numbered bugs dated 2023-02-14, given that this year's February updates arrived on Valentine's Day. We extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top.

Microsoft says that some WSUS servers upgraded to Windows Server 2022 might fail to push Windows 11, version 22H2 updates released during this month's Patch Tuesday to endpoints across enterprise environments. This known issue only affects WSUS servers upgraded from Windows Server 2016 or Windows Server 2019.

Microsoft has reminded admins that Exchange Server 2013 is reaching its extended end-of-support date in 60 days, on April 11, 2023. The first version of Exchange Server 2013 was released in January 2013, and it reached its mainstream end date four years ago, in April 2018.

The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws. "The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer," Microsoft explains.

Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws. This month's Patch Tuesday fixes three actively exploited zero-day vulnerabilities used in attacks.

Microsoft says the Internet Explorer 11 desktop web browser will be disabled on some Windows 10 systems starting today via a Microsoft Edge update. "As previously announced, the out-of-support Internet Explorer 11 desktop application will be permanently disabled on certain versions of Windows 10 starting today, February 14, 2023," Microsoft said.

Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired. The problem appears to be connected to WinGet CDN's SSL/TLS certificate that has now expired.