Security News

Patch Tuesday, November 2020 Edition
2020-11-11 01:56

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
2020-11-10 21:12

Microsoft's November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution bugs. Twelve of Microsoft's 17 critical patches were tied to RCE bugs.

November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw
2020-11-10 20:43

Microsoft has plugged 112 security holes, including an actively exploited one. The most information is available about CVE-2020-17087, a Windows Kernel privilege escalation vulnerability, because it's being actively exploited in the wild and because Google disclosed it on October 29, along with PoC exploit code.

Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities
2020-11-10 13:35

Today is Microsoft's November 2020 Patch Tuesday, and Windows administrators worldwide will be running around putting out fires all day, so be nice to them. With the November 2020 Patch Tuesday security updates release, Microsoft has released fixes for 112 vulnerabilities in Microsoft products.

Week in review: Windows zero-day exploited, Patch Tuesday forecast, selecting a compliance solution
2020-11-08 09:45

Git LFS vulnerability allows attackers to compromise targets' Windows systemsA critical vulnerability in Git Large File Storage, an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker's malicious repository using a vulnerable Git version control tool, security researcher Dawid Golunski has discovered. November 2020 Patch Tuesday forecast: Significant OS changes aheadNovember Patch Tuesday and the end-of-year holidays are rapidly approaching.

November 2020 Patch Tuesday forecast: Significant OS changes ahead
2020-11-06 07:07

The Patch Tuesday updates appear to be light, so things are looking much better as we enter the final stretch for 2020. Yes, you read that correctly - not the 2020 Fall Release or Windows 10 version 2009, but Windows 10 version 20H2. Name changes once again!

Cisco Working on Patch for Code Execution Vulnerability in VPN Product
2020-11-05 09:29

Cisco informed customers on Wednesday that it's working on a patch for a code execution vulnerability affecting its AnyConnect product. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.

Patch for Critical VMware ESXi Vulnerability Incomplete
2020-11-04 16:02

VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete. VMware said the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the flaw.

Was that November's Patch Tuesday? Already? Oh, no, it's just Adobe issuing 14 emergency security fixes
2020-11-04 06:28

Adobe on Tuesday published updated versions of its Acrobat and Reader software to fix fourteen flaws, four of which have been designated "Critical." These updates should be installed as soon as possible to close off their vulnerabilities. Adobe generally issues patches on "Patch Tuesday," a date observed by many tech companies that falls on the second Tuesday of every month.

Automation software slinger SaltStack warns of stop-watching-the-election-and-patch-now bugs
2020-11-04 02:45

SaltStack has officially revealed three bugs in its code - two of them seemingly critical - and told users: "We strongly recommend that you prioritize this update." But the biz appears to have known about the bugs for months and quietly patched them over the summer. SaltStack offers open-source, Python-based automation tools.