Security News
This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. December 2023 Patch Tuesday provided the smallest set of updates in recent memory.
Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on...
Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are...
Of these, four are rated critical - including three remote code execution vulnerabilities and one spoofing bug - and 29 important. The only vulnerability listed as publicly disclosed in Microsoft's December patch party is a speculative leaks flaw in some AMD processors tracked as CVE-2023-20588 and first disclosed in August.
Microsoft's December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. "This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were fixed," noted Satnam Narang, senior staff research engineer at Tenable.
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. The total count of 34 flaws does not include 8 Microsoft Edge flaws fixed on December 7th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5033375 cumulative update and Windows 10 KB5033372 cumulative update.
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently...
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked...
The good news for the rest of you is that December Patch Tuesday is usually light regarding CVEs reported. Exploitable across the internet, the vulnerability is ideal for a phishing exploit as it only requires the user to click on a malicious URL. A fix was included in the November Patch Tuesday updates and the CVE was reported as Known Exploited, but now it is Publicly Disclosed as well.
Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution.