Greg Wiseman – Noise

Patch Tuesday – July 2024

Greg Wiseman — Tue, 09 Jul 2024 20:03:58 +0000

Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild.

Patch Tuesday – January 2023

Greg Wiseman — Tue, 10 Jan 2023 22:32:55 +0000

The first Patch Tuesday of 2023 sees Microsoft patching nearly 100 CVEs, including two zero-day vulnerabilities.

Patch Tuesday – December 2022

Greg Wiseman — Tue, 13 Dec 2022 21:24:06 +0000

48 new CVEs (plus 24 affecting Chromium-based Edge) published by Microsoft, including two zero-day vulnerabilities, one of which has been seen actively exploited.

Patch Tuesday – November 2022

Greg Wiseman — Tue, 08 Nov 2022 20:02:57 +0000

Microsoft has patched the two zero-day vulnerabilities in Exchange from September, along with 67 new CVEs (4 of which are also zero-days). Most vulnerabilities this month affect Windows.

Patch Tuesday – October 2022

Greg Wiseman — Tue, 11 Oct 2022 18:35:28 +0000

Microsoft has patched 96 CVEs, including zero-days affecting Windows and Office for Mac. The recent Exchange Server zero-days seen exploited in the wild remain unpatched.

Patch Tuesday – September 2022

Greg Wiseman — Tue, 13 Sep 2022 20:11:08 +0000

In this month's Patch Tuesday, we cover the 79 CVEs, including a zero-day privilege escalation, patched by Microsoft this month.

Patch Tuesday – August 2022

Greg Wiseman — Tue, 09 Aug 2022 19:34:51 +0000

Microsoft has patched 141 CVEs in their August 2022 updates, including one zero-day affecting the Microsoft Windows Support Diagnostic Tool (MSDT).

Patch Tuesday – July 2022

Greg Wiseman — Tue, 12 Jul 2022 19:40:15 +0000

One 0-day vulnerability, four Critical RCEs, and a whole bunch of fixes for Azure Site Recovery.

Patch Tuesday – June 2022

Greg Wiseman — Tue, 14 Jun 2022 19:37:50 +0000

Patches for Follina, more NFS and LDAP vulnerabilities, and the beginning of the end for IE11.

Patch Tuesday – May 2022

Greg Wiseman — Tue, 10 May 2022 19:59:20 +0000

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem.

Patch Tuesday – April 2022

Greg Wiseman — Tue, 12 Apr 2022 18:48:11 +0000

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser.

Patch Tuesday – March 2022

Greg Wiseman — Tue, 08 Mar 2022 21:08:35 +0000

March 2022's Patch Tuesday sees Microsoft addressing 71 CVEs (excluding Chromium/Edge), 3 of which are considered Critical.

Patch Tuesday – February 2022

Greg Wiseman — Tue, 08 Feb 2022 20:43:40 +0000

February 2022's fixes from Microsoft are relatively light as far as Patch Tuesdays go.

Patch Tuesday – January 2022

Greg Wiseman — Tue, 11 Jan 2022 21:41:56 +0000

The first Patch Tuesday of 2022 sees Microsoft publishing fixes for over 120 CVEs across the bulk of their product line, including 29 previously patched CVEs affecting their Edge browser via Chromium. None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to

Patch Tuesday – December 2021

Greg Wiseman — Tue, 14 Dec 2021 22:12:53 +0000

This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228.

Using InsightVM to Find Apache Log4j CVE-2021-44228

Greg Wiseman — Tue, 14 Dec 2021 14:17:29 +0000

How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.

InsightVM Scan Diagnostics: Troubleshooting Credential Issues for Authenticated Scanning

Greg Wiseman — Wed, 03 Nov 2021 13:30:00 +0000

Scan Diagnostics will report a “vulnerable” result against assets when the Scan Engine is supplied with credentials but unable to gather local information.

Patch Tuesday – October 2021

Greg Wiseman — Tue, 12 Oct 2021 19:47:16 +0000

Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike.

One vulnerability has already been seen exploited

Patch Tuesday – February 2021

Greg Wiseman — Tue, 09 Feb 2021 23:51:27 +0000

The second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft’s product families. Despite that, there’s still plenty to discuss this month.

Vulnerability Breakdown by Software Family

Family	Vulnerability Count
Windows	28
ESU	14
Microsoft Office