Security News

Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "Critical" bug in the Defender security product that's being actively exploited. Security experts are urging security response personnel to pay special attention to CVE-2021-1647, which describes a remote code execution flaw in Microsoft Defender, the company's flagship anti-malware product.

Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today. With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important.

January 2021 Patch Tuesday forecast: New focus on security and software development2020 is in the rearview mirror and most of us can't get away fast enough. Review: Code42 Incydr - SaaS data risk detection and responseIncydr is Code42's new SaaS data risk detection and response solution, which enables security teams to mitigate file exposure and exfiltration risk without disrupting legitimate collaboration.

Many predictions said we were due for another major cyberattack leading into 2021, but no one foresaw this type of attack and the impact it had, leading to a new focus on security and software development. The compromise of SolarWinds brings into question the security practices of all software developers, including topics such as patching of development machines, outsourcing of code development, control and understanding of code functionality through mergers and employee turnover, code reviews and other techniques to identify security issues and many others.

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft's most-dire "Critical" label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users. Some of the sub-critical "Important" flaws addressed this month also probably deserve prompt patching in enterprise environments, including a trio of updates tackling security issues with Microsoft Office.

For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.

Microsoft has addressed 58 CVEs for its December 2020 Patch Tuesday update. Also on the Exchange front, CVE-2020-17132 addresses a patch bypass for CVE-2020-16875, which was reported and patched in September's Patch Tuesday release.

As expected, Microsoft fixed a smaller-than-usual number of CVEs on this December 2020 Patch Tuesday: 58 in total. Satnam Narang, staff research engineer at Tenable, pointed out that CVE-2020-17132 addresses a patch bypass for CVE-2020-16875, which was reported and patched in September's Patch Tuesday release.

With the December 2020 Patch Tuesday security updates release, Microsoft has released fixes for 58 vulnerabilities and one advisory for Microsoft products. Of the 58 vulnerabilities fixed today, nine are classified as Critical, 48 as Important, and two as Moderate.

Open source vulnerabilities go undetected for over four yearsFor its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation. Which security practices lead to best security outcomes?A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others to help organizations achieve goals such as keeping up with business, creating security culture, managing top risks, avoiding major incidents, and so on.