Security News
As you know, our usual advice for Patch Tuesday boils down to four words, "Patch early, patch often." As well as the four potential RCE holes mentioned above, there's also a patch for a bug dubbed CVE-2021-1732 that is already being abused in the wild by hackers.
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. The patch released during the August 2020 Patch Tuesday rolled out in two phases and it forces secure Remote Procedure Call communication for machine accounts on Windows devices, trust accounts, as well as all Windows and non-Windows Domain Controllers.
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Last month, we reported on a bug in the Windows 10 console multiplexer driver, condrv.
"The vulnerability affects Windows 10 and corresponding server editions of the Windows OS," said Chris Goettl, senior director of product management and security at Ivanti. "The Windows Fax Service is used by the Windows Fax and Scan application included in all versions of Microsoft Windows 7, Windows 8 and Windows 10 and some earlier versions."
The Microsoft patch drop adds to the workloads for weary defenders struggling to keep pace with the volume and pace of security updates from major vendors. Earlier Tuesday, Adobe shipped fixes for multiple dangerous security holes, including a bug in the Adobe Reader that is being exploited in "Limited targeted attacks" against Windows OS users.
Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS," said Adobe on Tuesday.
Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible. The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher.
As part of the February Patch cycle, Microsoft is rolling out a new cumulative update for all supported version of Windows. The cumulative update with security fixes is rolling out to PCs with October 2020 Update, May 2020 Update, November 2019 Update, and May 2019 Update.