Security News

Trend Micro Zero Day Initiative's Dustin Childs says that patching CVE-2020-16875, a memory corruption vulnerability in Microsoft Exchange, should be top priority for organizations using the popular mail server. CVE-2020-0922, a RCE in Microsoft COM, should also be patched quickly on all Windows and Windows Server systems.

Should we expect a large number of updates this Patch Tuesday that will bog down our networks? Applying the updates for KB 4565351 or KB 4566782 resulted in a failure for many users on automatic updates with return codes/explanations that were not very helpful.

The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked 'Critical' and 97 listed as 'Important'. Microsoft has issued fixes for 120 vulnerabilities - including two zero-day exploits - in its latest Patch Tuesday security update for Windows 10.

Patch Tuesday used to be Microsoft's day to release patches. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four months still to go in 2020.

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it's time once again to backup and patch up!

Microsoft has plugged 120 flaws, two of which are being exploited in attacks in the wild. One is publicly known and being actively exploited, and another one is also under attack.

How can security leaders maximize security budgets during a time of budget cuts?While some security programs have become bloated, many don't necessarily deserve to be cut. Given the gravity of today's situation, it's time for security leaders to step in and do what they can to justify spending that bolsters their company's overall security posture.

The operational lifespan of an operating system version is shrinking, and the model has changed as Microsoft moved to the software-as-a-service model for Windows 10. Double check your applications to ensure compatibility as you make the operating system upgrades on these systems - you only have 2-3 months left!

Cisco has emitted 33 security bug fixes in its latest crop of software updates, five of those deemed critical. Affected devices include multiple RV-series routers, the RV110W series VPN Firewall, and the Cisco Prime License Manager.

A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft's July Patch Tuesday list of 123 fixes. "A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to a vulnerable Windows DNS server. Successful exploitation would allow the attacker to execute arbitrary code under the local system account context," wrote Satnam Narang, staff research engineer at Tenable, in the company's Patch Tuesday analysis.