Security News

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. Windows 10 users should note that while the operating system installs all monthly patch roll-ups in one go, that rollup does not typically include.

For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical. The Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.

The Microsoft patch drop adds to the workloads for weary defenders struggling to keep pace with the volume and pace of security updates from major vendors. Earlier Tuesday, Adobe shipped fixes for multiple dangerous security holes, including a bug in the Adobe Reader that is being exploited in "Limited targeted attacks" against Windows OS users.

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw. Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day. With today's update, Microsoft has fixed for 56 vulnerabilities, with eleven classified as Critical, two as Moderate, and 43 as Important.

SolarWinds Orion exploited by another group of state-sponsored hackersAnother group of state-sponsored hackers has exploited the ubiquity of SolarWinds software to target US government agencies, Reuters reported on Tuesday. February 2021 Patch Tuesday forecast: The human communication aspectWe spend a lot of time each month discussing the technical details surrounding vulnerabilities, software updates, and the tools we use for patch management in our organizations.

We spend a lot of time each month discussing the technical details surrounding vulnerabilities, software updates, and the tools we use for patch management in our organizations. It is critical that these application owners and administrators have a direct and ongoing channel of communication with the security analysts and IT administrators to ensure they are in 'lock step' as they identify critical vulnerabilities, prioritize the patches, and execute the updates to protect their infrastructure.

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it's not entirely clear how this is being exploited.

Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.

Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day. One of the latter - a zero-day RCE affecting Microsoft Defender antivirus - is being exploited in the wild, but Microsoft didn't reveal more about these attacks.