Microsoft Patch Tuesday and patch management
- January 15, 2020
Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA.
- November 13, 2019
Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch.
- September 26, 2019
The U.S. Air Force is eyeing an expansion of its bug bounty efforts after partnering with Bugcrowd on a three-month pilot program for its cloud platform.
- September 18, 2019
Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more.
- August 20, 2019
Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important.
- August 14, 2019
Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other vulnerabilities in RDP.
- July 30, 2019
Researchers and developer Wind River disagree over how many devices and users are at risk from the URGENT/11 vulnerabilities in the VxWorks real-time operating system.
- July 23, 2019
After a description for building a remote BlueKeep exploit is posted on GitHub, experts warn that attacks in the wild are becoming more likely and users need to patch.
- July 17, 2019
Despite alerts from Microsoft and the U.S. government, more than 800,000 online systems have yet to patch the Windows RDP vulnerability two months after it was disclosed.
- July 03, 2019
U.S. Cybercom issued an alert about active exploitation of a 2-year-old Microsoft Outlook flaw, and experts say an Iranian threat group is behind the attacks.
- June 19, 2019
DHS issued the latest security advisory for BlueKeep, but it's unclear whether the repeated warnings are being heeded by organizations that have vulnerable systems on the internet.
- June 06, 2019
The NSA issued a rare warning for users to patch against the BlueKeep vulnerability on the same day a security researcher demoed an exploit leading to a full system takeover.
- June 04, 2019
Microsoft again urged users to patch against the BlueKeep vulnerability as more potential exploits surface and one researcher discovered almost 1 million vulnerable systems.
- May 23, 2019
Multiple researchers created proof-of-concept exploits, including remote code execution attacks, targeting the recently patched Windows Remote Desktop flaw called BlueKeep.
- May 15, 2019
Two years after the initial wave of WannaCry attacks, security researchers said the ransomware continues to spread to vulnerable devices even though it's not encrypting data.