Security News

Today is Microsoft's September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities. Microsoft also shared fixes for two flaws in non-Microsoft products, Electron and Autodesk, and four Microsoft Edge vulnerabilities on September 7th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5030219 cumulative update and Windows 10 KB5030211 updates released.

LibreOffice: Stability, security, and continued developmentLibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it's feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it's free. North Korean hackers target security researchers with zero-day exploitNorth Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit.

The last security updates will be issued next month on the October Patch Tuesday. September 2023 Patch Tuesday forecast Microsoft will probably up their game on CVEs addressed this month, but don't expect the breadth of updates we saw last month.

The August 2023 Microsoft security updates are out, with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft's offical bug listing page is topped by two special items dubbed Exploitation Detected.

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in. There is a Microsoft Office "Defense in Depth Update" available that, according to Microsoft, stops the attack chain leading to CVE-2023-36884, a Windows Search RCE vulnerability that has been previously exploited by Russian hackers in targeted attacks.

Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities. This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks and one of them publicly disclosed.

Attackers can turn AWS SSM agents into remote access trojansMitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud instances, as well as to non-EC2 machines. August 2023 Patch Tuesday forecast: Software security improvementsThe continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software.

The continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to...

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities. "An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default," warns Microsoft.

There's been a lot of activity with Microsoft this month which may impact updates we'll see. Starting on Patch Tuesday, the application of Windows 11 22H2 KB5027231 cumulative update broke Google Chrome for users running Malwarebytes, Cisco Secure Endpoint, and WatchGuard Endpoint Security - they were not able to launch Google Chrome.