Security News

Log4Shell exploitation: Which applications may be targeted next?Spring4Shell has dominated the information security news these last six days, but Log4Shell continues to demand attention and action from enterprise defenders as diverse vulnerable applications are being targeted in attacks in the wild. Security flaws found in 82% of public sector software applicationsVeracode has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors.

Microsoft announced that Windows Autopatch, a service designed to automatically keep Windows and Office software up to date, will be released in July 2022. Windows Autopatch is a new managed service offered for free to all Microsoft customers who already have a Windows 10/11 Enterprise E3 or above license.

March Patch Tuesday releases followed in the footsteps of February with low numbers of CVEs reported and resolved, and all updates rated as important except one critical update for Microsoft Exchange Server. Could April Patch Tuesday provide the deluge of critical updates we were expecting last month?

Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update - only three of which are rated critical in severity. Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild.

Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown "Critical" ones and three "Important" ones that were already public. "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client," says Dustin Childs, with Trend Micro's Zero Day Initiative.

Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws. Microsoft has fixed 71 vulnerabilities with today's update, with three classified as Critical as they allow remote code execution.

March 2022 Patch Tuesday forecast: Pressure mounts to resolve vulnerabilitiesFebruary 2022 Patch Tuesday was an anomaly. How to empower IT Sec and Ops teams to anticipate and resolve IT problemsEvery IT system administrator knows the misery of facing a problem for which the root cause requires hours to unearth, all the while part of the IT infrastructure entrusted to them is unavailable to users, open to attack, or not compliant with mandatory security standards.

Not only did we see record low numbers of vulnerabilities addressed across all of Microsoft's operating systems, but we also saw for the first time in my experience that all the updates were only rated Important. After the reissuing of updates in January, we expected fewer CVEs would be addressed as Microsoft focused on stable updates in February, but this was unprecedented.

Oh, blessed day: Microsoft's Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches - none of them rated critical. February's patch-a-palooza is light not just in number of CVEs, but also in that it comes with nary a single patch that's labeled critical.

February 2022 Patch Tuesday is here and it's all-around "Light" - light in fixed CVE-numbered vulnerabilities, extremely light in critical fixes, and light in exploited vulnerabilities. Mac users of Microsoft Outlook may also want to patch CVE-2022-23280, a feature bypass vulnerability, quickly.