Security News

Last month, Microsoft dealt with three zero-days, by which we mean security holes that cybercriminals found first, and figured out how to abuse in real-life attacks before any patches were available. Intriguingly for a bug that was discovered in the wild, albeit one reported rather blandly by Microsoft as Exploitation Detected, the Outlook flaw is jointly credited to CERT-UA, Microsoft Incident Response, and Microsoft Threat Intelligence.

Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. This month's Patch Tuesday fixes two zero-day vulnerabilities actively exploited in attacks.

Veeam Backup & Replication admins, get patching!Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. Fortinet plugs critical RCE hole in FortiOS, FortiProxyFortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.

Every month I touch on a few hot topics related to security around patching and some important updates to look out for on the upcoming Patch Tuesday. March 2023 Patch Tuesday forecast The February release was small in terms of CVEs addressed as predicted with only 33 in Windows 11 and Server 2012, and 36 in Windows 10.

We counted 75 CVE-numbered bugs dated 2023-02-14, given that this year's February updates arrived on Valentine's Day. We extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top.

Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws. This month's Patch Tuesday fixes three actively exploited zero-day vulnerabilities used in attacks.

Patch Tuesday falls on Valentine's Day this year but will it be a special date? While there have been ongoing cyber-attacks of all kinds, it has been relatively quiet on the release of new patches from Microsoft. VMware released a patch back in 2021 which addressed CVE-2021-21974, a heap-overflow vulnerability, which can allow remote code execution.

Glaringly obvious at the very top of the list are the names in the Product column of the first nine entries, dealing with an elevation-of-privilege patch denoted CVE-2013-21773 for Windows 7, Windows 8.1, and Windows RT 8.1. Windows 8.1, which is remembered more as a sort-of "Bug-fix" release for the unlamented and long-dropped Windows 8 than as a real Windows version in its own right, never really caught on.

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild.It's also worth noting that the U.S. Cybersecurity and Infrastructure Security Agency has added the vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply patches by January 31, 2023.

Patch Tuesday Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that's already been exploited and another listed as publicly known. Microsoft explains how to trigger this upgrade in the alert as Childs notes: "Situations like this are why people who scream 'Just patch it!' show they have never actually had to patch an enterprise in the real world."