Security News
In case you were wondering, there were 26 Remote Code Execution patches, including four dubbed "Critical", although three of those seem to related bugs that were found and fixed together in a single Windows component. RCE patches generally cause the most concern, because they deal with bugs that can, in theory at least, be exploited by attackers who don't yet have a foothold on your network, which means they represent possible ways of criminals breaking-and-entering in the first place.
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit. CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in Chromium's V8 JavaScript engine, which was spotted being exploited by attackers to target Chrome users.
Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities. While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as 'Critical,' including denial of service attacks, remote code execution, and privilege elevation.
20 cybersecurity projects on GitHub you should check outOpen-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. How to make developers love securityStories of the tension between developers and security teams are a longstanding feature of the software industry, stemming from the friction that security is often perceived to create.
On the positive side, Apple hosted its annual Worldwide Developers Conference this week with announcements around the new Vision Pro 'spatial computer' powered by the new visionOS, iOS 17 updates, the upcoming Sonoma OS release, new M2 hardware, and much more. On the negative side, in mid-May Apple released zero-day updates to address three critical vulnerabilities.
Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Eight of the flaws have been tagged with "Exploitation More Likely" assessment by Microsoft.
Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws. Today's Patch Tuesday is one of the smallest in terms of resolved vulnerabilities, with only thirty-eight vulnerabilities fixed, not including eleven Microsoft Edge vulnerabilities fixed last week, on May 5th. Three zero-days fixed.
Apple starts delivering smaller security updatesThe security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Fake ChatGPT desktop client steals Chrome login dataResearchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder.
Microsoft reiterated in a blog that Windows 10 22H2 is the final feature version of Windows 10 and that all editions will receive security updates through October 14, 2025. They've since followed up with Extended Stable channel update 112.0.5615.179 for Windows and Mac, as well as a Stable Channel Update for Desktop 113 for Windows, Mac and Linux.