Security News
Childs described the early years of Patch Tuesday at Microsoft being kind of a party, complete with catered breakfast and music. "Certainly a lot of large financial institutions and I imagine a lot of other organizations were part of really bringing pressure to bear to Microsoft to release it as an instance, a single time so we can plan for it, take a more measured approach and reduce a lot of the chaos that was prior to Patch Tuesday being a thing," he tells The Register.
The Exchange Team asked admins to deploy a new and "Better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August. Tracked as CVE-2023-21709 and patched during August 2023 Patch Tuesday, the security flaw enables unauthenticated attackers to escalate privileges on unpatched Exchange servers in low-complexity attacks that don't require user interaction.
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities. While forty-five remote code execution bugs were fixed, Microsoft only rated twelve vulnerabilities as 'Critical,' all of which are RCE flaws.
Start your patch engines - a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "Probably the worst curl security flaw in a long time." Curl 8.4.0 will hit at around 0600 UTC on October 11 and deal with CVE-2023-38545, which affects both libcurl and the curl tool, and CVE-2023-38546, which only affects libcurl.
Curl and libcurl, a client-side URL transfer library, are developed by the curl project, with the help of contributors and sponsors. CVE-2023-38545, a high severity flaw that affects both the libcurl library and the curl tool, and.
The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023....
Cybertech Europe 2023 video walkthroughIn this Help Net Security video, we take you inside Cybertech Europe 2023 at La Nuvola Convention Center in Rome. Tackling cyber risks head-on using security questionnairesIn this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data.
The November Patch Tuesday cumulative update will include the Moment 4 features and updates. This patch Tuesday will include the last updates for Windows 11 21H2 and Microsoft Server 2012/2012 R2. The later go into Extended Security Support starting with a November release, and Microsoft also announced the keys used to enable these updates will be managed as part of Azure Arc.
Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded...
Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as...