Security News

ICS Patch Tuesday: Siemens and Schneider Electric Address 100 Vulnerabilities
2021-07-14 14:52

Industrial giants Siemens and Schneider Electric on Tuesday released a total of two dozen advisories covering roughly 100 vulnerabilities affecting their products. The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company's products.

What follows Patch Tuesday? Exploit Wednesday. Grab this bumper batch of security updates from Microsoft
2021-07-14 06:20

Microsoft released an XL-sized bundle of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind in issuing updates. The Windows goliath's batch for July has 117 patches, 13 for what's said to be critical bugs, 103 important, and one moderate.

Microsoft Patch Tuesday, July 2021 Edition
2021-07-13 21:41

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. Another 103 of the security holes patched this month were flagged as "Important," which Microsoft assigns to vulnerabilities "Whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."

July 2021 Patch Tuesday: Microsoft fixes 4 actively exploited bugs
2021-07-13 19:16

Microsoft has fixed 117 CVEs, 4 of which are actively exploited. "A pair of Windows kernel privilege elevation flaws should also be high on the patch list as they are being actively exploited. These are exactly the type of vulnerabilities in the ransomware attack toolkit, allowing threat actors to boost their user level from user to admin, for greater control over the environment. Admins should keep an eye on existing and new accounts for suspicious activity."

Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws
2021-07-13 17:47

Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured. Microsoft has fixed 117 vulnerabilities with today's update, with 13 classified as Critical, 1 Moderate, and 103 as Important.

CISA orders federal agencies to patch Windows PrintNightmare bug
2021-07-13 16:23

A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency orders federal agencies to mitigate the actively exploited Window Print Spooler vulnerability on their networks. CISA issued the Emergency Directive 21-04 after Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions.

SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild
2021-07-12 19:44

SolarWinds has issued an emergency patch after a critical security hole in its Serv-U Managed File Transfer and Serv-U Secure FTP was spotted being exploited in the wild. The vulnerability, discovered by Microsoft's Threat Intelligence Center and Offensive Security Research teams, can be exploited by an attacker to achieve remote code execution, and is present in Serv-U version 15.2.3 HF1 and all prior builds.

Week in review: How to improve your AD security posture, Patch Tuesday forecast
2021-07-11 09:00

How to improve your organization's Active Directory security postureActive Directory, a directory service developed by Microsoft for Windows domain networks, is most organizations' primary store for employee authentication and identity management, and controls which assets / applications / systems a user has access to. This makes Active Directory a valuable target for attackers and spur organizations to improve its security.

Did Microsoft Botch the PrintNightmare Patch?
2021-07-09 13:55

Just days after shipping an emergency Windows update to cover a dangerous code execution flaw in the Print Spooler service, Microsoft is investigating a new set of claims that its so-called 'PrintNightmare' patch has not properly fixed the underlying vulnerability. The company followed up with a blog post late Thursday insisting the emergency patch is "Working as designed" and "Effective against the known print spooling exploits."

July 2021 Patch Tuesday forecast: Don’t wait for Patch Tuesday
2021-07-09 06:00

Updates are available for Windows 7 and Server 2008/2008 R2 if you have an Extended Security Update subscription. Windows 10 21H1, released on May 18 now bundles the servicing stack updates and the latest cumulative updates into a single package.