Security News
Updates to Windows Server that were included in Microsoft's Patch Tuesday batch of fixes this week could trip up users who want to spin up new virtual machines in some Hyper-V hosts. The software giant is warning the problem can arise after installing the KB5021249 or KB5021237 updates on Windows Server or Azure Stack HCI hosts that are managed by System Center Virtual Machine Manager and are in software-defined networking-enabled environments with a network controller.
Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.
Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. Six of the 49 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.
Rackspace Hosted Exchange outage was caused by ransomwareRackspace has finally confirmed the cause of the security incident that resulted in an ongoing outage of its Hosted Exchange service: it's ransomware. Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new toolsOffensive Security has released Kali Linux 2022.4, the latest version of its popular penetration testing and digital forensics platform.
Microsoft wrapped up a lot of 'loose ends' last month with their November set of updates, but there is still some work to do before the end-of-year holiday season. Let's hope that Microsoft provides some comprehensive updates this month that can fine tune all these nagging stability and connectivity issues.
Unlike ProxyShell, the new bugs weren't directly exploitable by anyone with an internet connection and a misguided sense of cybersecurity adventure. We therefore assumed, probably in common with most Naked Security readers, that the patches would arrive calmly and unhurriedly as part of the October 2022 Patch Tuesday, still more than two weeks away.
Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws. This month's Patch Tuesday fixes six actively exploited zero-day vulnerabilities, with one being publicly disclosed.
You can up software supply chain security by implementing these measuresThe COVID-19 pandemic has been a driving force in digital acceleration, and it continues to wield its influence in how organizations and their staff embrace work. Most missed area of zero trust: Unmanageable applicationsIn this Help Net Security video, Matthew Chiodi, Chief Trust Officer of Cerby, talks about the likely hole in your security strategy.
Microsoft turned around and released a series of non-security updates that fixed some discovered connections issues - forcing many to conduct another unplanned patch cycle. The initial concern was that CVE-2022-3602 could lead to another Heartbleed situation which did result in widespread exploitation in 2014 of CVE-2014-0160 in OpenSSL. The good news is these recent CVEs are much harder to exploit, but you should update to the latest version of OpenSSL in your environment during your next patch cycle to protect yourself from the sure-to-come attacks.
Two weeks ago we reported on two zero-days in Microsoft Exchange that had been reported to Microsoft three weeks before that by a Vietnamese company that claimed to have stumbled across the bugs on an incident response engagement on a customer's network. One day ago [2022-10-11] was the latest Patch Tuesday.