Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
May 9, 2023Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.
Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
April 11, 2023Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day.
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
March 14, 2023Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
February 14, 2023Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild.
ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
January 31, 2023Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended.
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)
January 10, 2023Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.
CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability
December 21, 2022Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible.
Microsoft’s December 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)
December 13, 2022Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).
Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)
November 8, 2022Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild.
Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
October 11, 2022Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws.
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
October 7, 2022Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
September 30, 2022Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.