Microsoft Patch Tuesday and patch management

Patch management can be a full-time job by itself. Get advice on how to install a security patch, patch deployment, tools, and policy. Also get the latest news on Microsoft Patch Tuesday and vulnerabilities and security patch management updates from other major software vendors .

Top Stories

News 12 Jan 2022
Exchange Server woes continue on January Patch Tuesday

Exchange Server admins who had to cope with a Y2K22 error to start the new year have three more vulnerabilities of varying levels of severity to resolve for Patch Tuesday. Continue Reading
By
- Tom Walat, Site Editor
News 10 Nov 2021
Exchange zero-day corrected on November Patch Tuesday

Microsoft released a security update to shut down a publicly exploited vulnerability in the beleaguered on-premises messaging platform. Continue Reading
By
- Tom Walat, Site Editor

News 13 Oct 2021
Microsoft squashes Windows zero-day on October Patch Tuesday

In addition to the publicly exploited bug, Microsoft corrected 76 flaws, including four that had been publicly disclosed, in this month's batch of security updates. Continue Reading
By
- Tom Walat, Site Editor
News 12 Oct 2021
Apple patches iOS vulnerability actively exploited in the wild

Apple said in a security advisory that it had received a report that the iOS flaw, which impacts kernel extension IOMobileFrameBuffer, 'may have been actively exploited.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Oct 2021
Admins: Patch management is too complex and cumbersome

A new survey from Ivanti shows a majority of administrators and infosec professionals feel the shift to decentralized workspaces has made patch management an even bigger headache. Continue Reading
By
- Shaun Nichols
News 06 Oct 2021
Apache HTTP Server vulnerability under active attack

Security experts are urging administrators to update their installations of Apache HTTP Server following the disclosure of a zero-day vulnerability that had been under attack. Continue Reading
By
- Shaun Nichols
News 28 Sep 2021
Microsoft releases emergency Exchange Server mitigation tool

Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Sep 2021
Microsoft details 'OMIGOD' Azure vulnerability fixes, threats

Microsoft fixed the open source OMI software during last week's Patch Tuesday, but the tech giant has struggled to get the updated agents to Azure customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Sep 2021
‘OMIGOD’ vulnerabilities put Azure customers at risk

OMI, the software agent at the center of a remote code execution flaw, is "just one example" of silent, pre-installed software in cloud environments, according to one researcher. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Sep 2021
September Patch Tuesday fixes zero-day, print spooler flaw

The two notable vulnerabilities, disclosed prior to this month's security update releases, receive permanent fixes to supersede earlier mitigation instructions. Continue Reading
By
- Tom Walat, Site Editor
News 14 Sep 2021
Google patches actively exploited Chrome zero-days

Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Sep 2021
Apple patches zero-day, zero-click NSO Group exploit

The Citizen Lab said that it found the Apple zero-day vulnerability when it was 'analyzing the phone of a Saudi activist infected with NSO Group's Pegasus spyware.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Sep 2021
'Azurescape': New Azure vulnerability fixed by Microsoft

The Azure Container Instances vulnerability would have allowed malicious actors to execute code on other customers' containers, but there have been no reports of exploitation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Sep 2021
ProxyShell attacks ramping up on unpatched Exchange Servers

Security experts say active attacks on the series of Microsoft Exchange Server flaws, which can be chained to take control of servers, are already being launched in the wild. Continue Reading
By
- Shaun Nichols
News 30 Aug 2021
New 'ProxyToken' Exchange Server vulnerability disclosed

The Exchange Server vulnerability could allow an attacker 'to copy all emails addressed to a target and account and forward them to an account controlled by the attacker.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Aug 2021
Microsoft finally issues ProxyShell security advisory

The ProxyShell advisory includes a call to patch, as well as details on which Exchange servers are vulnerable. In short: Those without the May security update are unprotected. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 26 Aug 2021
Risk & Repeat: ProxyShell problems mount

CISA warned threat actors have begun exploiting the dangerous ProxyLogon flaws, but tens of thousands of vulnerable Microsoft Exchange servers remain online. Continue Reading
By
- Rob Wright, Senior News Director
News 25 Aug 2021
Bugs aplenty as VMware, Cisco and F5 drop security updates

Two critical updates from Cisco, remote code execution flaws in F5's Big-IP, and a half-dozen VMware security holes are among the more pressing issues for admins to address. Continue Reading
By
- Shaun Nichols
News 23 Aug 2021
CISA: ProxyShell flaws being actively exploited, patch now

Security researchers weighed in with evidence of ProxyShell exploitation by threat actors using malicious web shells and a new ransomware variant called 'LockFile.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Aug 2021
Many Exchange servers still vulnerable to ProxyLogon, ProxyShell

Tens of thousands of Exchange servers are still vulnerable to ProxyLogon and ProxyShell, and security researchers estimate honeypots represent only a small slice of those systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Aug 2021
New ransomware crew hammers on PrintNightmare bugs

PrintNightmare, the Microsoft print spooler flaws patched in July, is the favorite target for a new ransomware group known as Vice Society, according to Cisco Talos. Continue Reading
By
- Shaun Nichols
News 12 Aug 2021
Microsoft discloses new print spooler flaw without patch

The latest flaw in Windows print spooler software, which has yet to be patched, comes weeks after the PrintNightmare vulnerability and other related bugs. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Aug 2021
More printer spooler bugs resolved on August Patch Tuesday

Microsoft corrects a Windows zero-day and two publicly disclosed vulnerabilities in this month's batch of security updates. Continue Reading
By
- Tom Walat, Site Editor
News 28 Jul 2021
CISA unveils list of most targeted vulnerabilities in 2020

Attackers chased the headlines in 2020, going after the most publicized vulnerabilities in Citrix, Pulse Secure and Fortinet products, according to the U.S. government. Continue Reading
By
- Shaun Nichols
News 27 Jul 2021
Open source web app projects hailed for quickly patching bugs

Nine vulnerabilities in three popular open source SMB tools were cleaned up within 24 hours after Rapid7 reported the flaws to their development teams. Continue Reading
By
- Shaun Nichols
Podcast 22 Jul 2021
Risk & Repeat: Vulnerability patching still falling short

Many organizations still fail to patch critical vulnerabilities, even when they're under exploitation in the wild. What are the best ways to improve patching rates? Continue Reading
By
- Rob Wright, Senior News Director
News 21 Jul 2021
Hackers embrace 5-day workweeks, unpatched vulnerabilities

Bad guys are taking the weekends off too, according to Barracuda Networks, and old bugs that should have been patched months ago continue to be the most-targeted vulnerabilities. Continue Reading
By
- Shaun Nichols
News 14 Jul 2021
Microsoft's 'PrintNightmare' lingers, requires new patches

July's Patch Tuesday update includes critical fixes, but one well-known remote code execution bug might remain open for those with specific registry key settings. Continue Reading
By
- Shaun Nichols
News 14 Jul 2021
3 Windows zero-days fixed on July Patch Tuesday

Microsoft addressed 116 unique CVEs, including several corrections for Exchange Server, in this month's batch of security updates. Continue Reading
By
- Tom Walat, Site Editor
News 13 Jul 2021
Why patching vulnerabilities is still a problem, and how to fix it

Patching is still a struggle for many organizations, and challenges include limited resources, technical debt, decentralized infrastructure and much more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jun 2021
Dell BIOSConnect flaws affect 30 million devices

Eclypsium researchers discovered vulnerabilities that, if exploited, can allow remote code execution in a pre-boot environment for 128 different Dell products. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jun 2021
Apple issues patches for two more WebKit zero-days

Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jun 2021
Accellion breach raises notification concerns

Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Jun 2021
Cisco Talos: Exchange Server flaws accounted for 35% of attacks

More than one third of incidents recorded by Cisco Talos in the past three months were related to four Microsoft Exchange Server zero-days first revealed in March. Continue Reading
By
- Shaun Nichols
News 09 Jun 2021
Microsoft resolves 6 zero-days for June Patch Tuesday

The tech company confirmed there were signs of exploitation in the wild for the vulnerabilities that affect Windows desktop and server operating systems. Continue Reading
By
- Tom Walat, Site Editor
News 13 May 2021
May Patch Tuesday brings more bad news for Exchange admins

Microsoft releases four fixes for the email server product, which remains firmly in the sights of threat actors seeking new ways to exploit the system. Continue Reading
By
- Tom Walat, Site Editor
News 06 May 2021
'BadAlloc' vulnerabilities spell trouble for IoT, OT devices

A week after Microsoft revealed 25 memory allocation vulnerabilities in several IoT and OT products, some devices have been patched, while others have not. Continue Reading
By
- Arielle Waldman, News Writer
News 03 May 2021
Apple hurries out fixes for WebKit zero-days

Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild. Continue Reading
By
- Shaun Nichols
News 21 Apr 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities

SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Apr 2021
Exchange Server bugs continue to bite on April Patch Tuesday

Microsoft resolves 110 vulnerabilities, including a zero-day and four public disclosures, but the company says admins should prioritize four critical bugs on Exchange Server. Continue Reading
By
- Tom Walat, Site Editor
News 13 Apr 2021
NSA finds new Exchange Server vulnerabilities

Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Mar 2021
Black Kingdom ransomware foiled through Mega password change

The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Mar 2021
'Black Kingdom' ransomware impacting Exchange servers

Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Mar 2021
RiskIQ: 69,548 Microsoft Exchange servers still vulnerable

Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Mar 2021
DearCry ransomware impacting Microsoft Exchange servers

While only a small number of DearCry ransomware victims have been reported at this time, the infections have hit organizations in the U.S., Canada, Australia and beyond. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Mar 2021
Exchange Server issues loom over March Patch Tuesday

For many organizations that rely on Exchange for reasons in addition to email, a move to a more secure messaging platform is not an option. Continue Reading
By
- Tom Walat, Site Editor
News 09 Mar 2021
Microsoft Exchange Server attacks: What we know so far

More details continue to emerge since last week's disclosure of zero-day vulnerabilities and attacks on Microsoft Exchange Server, including the broad range of potential victims. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Mar 2021
Microsoft releases tools as Exchange Server attacks increase

Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Mar 2021
Microsoft Exchange Server zero-days exploited in the wild

Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Jan 2021
Tenable: Vulnerability disclosures skyrocketed over last 5 years

New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Jan 2021
Microsoft Defender zero-day fixed for January Patch Tuesday

In addition to the fix for its antivirus software, Microsoft also corrected a publicly disclosed printer driver flaw that affected Windows client and server systems. Continue Reading
By
- Tom Walat, Site Editor
Tip 11 Jan 2021
WUfB vs. WSUS: Which handles Windows updates better?

Trying to get a handle on Windows updates can frustrate even the most seasoned administrators. Which of these two patch management tools fit best in your environment? Continue Reading
By
- Adam Fowler
News 09 Dec 2020
Microsoft closes out year with light December Patch Tuesday

In addition to the monthly security updates, Microsoft shares a fix to address a DNS cache poisoning vulnerability that affects Windows Server systems. Continue Reading
By
- Tom Walat, Site Editor
News 08 Dec 2020
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Nov 2020
Windows zero-day shut down on November Patch Tuesday

In addition to fixing the exploited Windows flaw, Microsoft rolls out a new look to the Security Update Guide that draws some criticism. Continue Reading
By
- Tom Walat, Site Editor
News 04 Nov 2020
SaltStack discloses critical vulnerabilities, urges patching

The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Oct 2020
Critical TCP/IP bug gets fixed for October Patch Tuesday

The number of security updates from Microsoft dips below the average of the previous several months, but a TCP/IP bug looms large for administrators. Continue Reading
By
- Tom Walat, Site Editor
News 24 Sep 2020
Microsoft detects Netlogon vulnerability exploitation in the wild

While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Sep 2020
Intel patches critical flaw in Active Management Technology

Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Sep 2020
SharePoint gets multiple fixes for September Patch Tuesday

There were no zero-days or public disclosures from Microsoft this month, but patches for SharePoint and Exchange should get prompt attention. Continue Reading
By
- Tom Walat, Site Editor
News 18 Aug 2020
Apache Struts vulnerabilities allow remote code execution, DoS

The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Aug 2020
Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Aug 2020
Microsoft plugs 2 zero-days on August Patch Tuesday

In addition to the actively exploited flaws, IT workers must contend with a domain controller exploit that could give an attacker administrative access. Continue Reading
By
- Tom Walat, Site Editor
News 07 Aug 2020
10 years after Stuxnet, new zero-days discovered

A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Jul 2020
'SigRed' alert: Experts urge action on Windows DNS vulnerability

Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jul 2020
DNS Server vulnerability tops July Patch Tuesday concerns

Microsoft warns administrators not to delay the deployment of a patch to shut down a critical bug in Windows DNS servers due to its potential to cause widespread damage. Continue Reading
By
- Tom Walat, Site Editor
News 06 Jul 2020
Critical F5 Networks vulnerability under attack

A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Jul 2020
Microsoft fixes Windows Codecs flaws with emergency patches

Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Jun 2020
Microsoft issues 129 fixes for June Patch Tuesday

SharePoint continues to attract attention this month, with 12 unique vulnerabilities corrected in the document sharing and storage product. Continue Reading
By
- Tom Walat, Site Editor
News 29 May 2020
Cisco servers breached through SaltStack vulnerabilities

Threat actors exploited critical SaltStack flaws, which were disclosed and patched last month, in a Cisco product to breach several of the networking company's salt-master servers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 May 2020
May Patch Tuesday brings a bevy of SharePoint fixes

Microsoft delivers corrections for 111 unique vulnerabilities with a significant number aimed at SharePoint, which may signal growing interest from attackers. Continue Reading
By
- Tom Walat, Site Editor
News 05 May 2020
Critical SaltStack vulnerabilities exploited in several data breaches

SaltStack patched two critical vulnerabilities in its software last week, but hackers used the flaws over the weekend to breach several unpatched networks and systems. Continue Reading
By
- Rob Wright, Senior News Director
- Arielle Waldman, News Writer
News 15 Apr 2020
3 zero-day fixes in heavy April Patch Tuesday release

Complications arising from the coronavirus pandemic could slow the rollout of this month's Microsoft security updates as IT teams deal with an influx of remote workers. Continue Reading
By
- Tom Walat, Site Editor
News 02 Apr 2020
Zoom zero-day vulnerabilities patched a day after disclosure

An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Mar 2020
Microsoft discloses wormable SMBv3 flaw without a patch

Microsoft disclosed a new remote code execution vulnerability associated with the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, but there's currently no patch available. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Mar 2020
Mammoth March Patch Tuesday lands on Windows admins

Microsoft delivers corrections for 115 unique vulnerabilities, including 26 bugs rated critical in one of its largest Patch Tuesday releases in recent memory. Continue Reading
By
- Tom Walat, Site Editor
News 12 Feb 2020
February Patch Tuesday resolves IE zero-day

Microsoft released security updates for 99 unique vulnerabilities, including an Internet Explorer flaw the company had notified customers about last month. Continue Reading
By
- Tom Walat, Site Editor
News 24 Jan 2020
Citrix patches vulnerability as ransomware attacks emerge

Citrix rolls out more patches ahead of schedule for CVE-2019-19781, a directory traversal vulnerability that affects Citrix ADC, Gateway and SD-WAN WANOP products. Continue Reading
By
- Rob Wright, Senior News Director
News 17 Jan 2020
Unpatched Citrix vulnerability expands as mitigations fall short

Citrix discovered another product affected by last month's vulnerability, while security researchers found an attacker blocking exploits of the vulnerability. Continue Reading
By
- Michael Heller, TechTarget
News 15 Jan 2020
NSA reports flaw in Windows cryptography core

Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA. Continue Reading
By
- Michael Heller, TechTarget
News 15 Jan 2020
January Patch Tuesday fixes cryptography bug found by NSA

The U.S. National Security Agency shared information with Microsoft about a significant spoofing vulnerability in Windows that enterprises should make a patching priority. Continue Reading
By
- Tom Walat, Site Editor
Tutorial 20 Dec 2019
Using wsusscn2.cab to find missing Windows updates

Avoid unnecessary security headaches by using the Windows Update offline scan file and PowerShell to ensure your systems have all their Microsoft patches. Continue Reading
By
- Adam Bertram
News 11 Dec 2019
December Patch Tuesday resolves Windows zero-day

Microsoft delivers the final batch of security fixes for the year with a Windows zero-day vulnerability getting top billing for administrators. Continue Reading
By
- Tom Walat, Site Editor
News 13 Nov 2019
ZombieLoad v2 disclosed, affects newest Intel chips

Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch. Continue Reading
By
- Michael Heller, TechTarget
News 13 Nov 2019
Microsoft closes IE zero-day on November Patch Tuesday

Security updates for the month also include corrections for bugs in the Hyper-V virtualization platform, Excel for Mac systems and Exchange Server. Continue Reading
By
- Tom Walat, Site Editor
Conference Coverage 13 Nov 2019
Microsoft Ignite 2019 conference coverage

Expect Microsoft to continue its cloud push at its annual conference for IT pros to get more organizations moving to Azure and its Office 365 collaboration platform. Continue Reading
By
- Tom Walat, Site Editor
News 09 Oct 2019
October Patch Tuesday resolves 59 vulnerabilities

Microsoft attempts to stamp out printing issues that originated from a faulty out-of-band patch for an Internet Explorer zero-day. Continue Reading
By
- Tom Walat, Site Editor
Tutorial 27 Sep 2019
How to work with the WSUS PowerShell module

The PoshWSUS module automates the process to synchronize and approve Windows updates. You can also use it to perform essential maintenance on the WSUS server. Continue Reading
By
- Dan Franciscus
News 26 Sep 2019
After Bugcrowd pilot, Air Force bug bounty program eyes expansion

The U.S. Air Force is eyeing an expansion of its bug bounty efforts after partnering with Bugcrowd on a three-month pilot program for its cloud platform. Continue Reading
By
- Rob Wright, Senior News Director
News 20 Sep 2019
Broken WannaCry variants continuing to spread

Researchers are still seeing surprisingly high WannaCry detection rates and they worry this points to high risks because systems still aren't being patched against threats. Continue Reading
By
- Michael Heller, TechTarget
News 18 Sep 2019
Global cryptomining attacks use NSA exploits to earn Monero

Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more. Continue Reading
By
- Michael Heller, TechTarget
News 11 Sep 2019
September Patch Tuesday addresses 2 Windows zero-days

Microsoft issues fixes for 79 unique vulnerabilities, including three public disclosures, as part of its monthly security updates. Continue Reading
By
- Tom Walat, Site Editor
Tip 04 Sep 2019
IoT security risks persist; here's what to do about them

Nontech manufacturers building IoT devices combined with resource constraints is a recipe for disaster. It's the reality of IoT security issues, and the problem isn't going away. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 21 Aug 2019
The difference between zero-day vulnerability and zero-day exploit

A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Answer 20 Aug 2019
Why is patch management important?

Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 14 Aug 2019
Microsoft discovers BlueKeep-like flaws in Remote Desktop Services

Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other vulnerabilities in RDP. Continue Reading
By
- Rob Wright, Senior News Director
News 14 Aug 2019
August Patch Tuesday corrects new 'wormable' exploits

Administrators weighed down by news of the BlueKeep vulnerability will have to contend with a similar bug some are calling DejaBlue. Continue Reading
By
- Tom Walat, Site Editor
News 30 Jul 2019
URGENT/11 VxWorks vulnerabilities affect millions of devices

Researchers and developer Wind River disagree over how many devices and users are at risk from the URGENT/11 vulnerabilities in the VxWorks real-time operating system. Continue Reading
By
- Michael Heller, TechTarget
News 23 Jul 2019
Slide deck brings BlueKeep exploit closer to the wild

After a description for building a remote BlueKeep exploit is posted on GitHub, experts warn that attacks in the wild are becoming more likely and users need to patch. Continue Reading
By
- Michael Heller, TechTarget
News 17 Jul 2019
BlueKeep blues: More than 800,000 systems still unpatched

Despite alerts from Microsoft and the U.S. government, more than 800,000 online systems have yet to patch the Windows RDP vulnerability two months after it was disclosed. Continue Reading
By
- Rob Wright, Senior News Director
News 10 Jul 2019
Microsoft patches two Windows zero-days in July Patch Tuesday

Microsoft fixed two Windows zero-day flaws as part of the July 2019 Patch Tuesday release, which also saw the remediation of 75 other vulnerabilities across Microsoft products. Continue Reading
By
- Michael Heller, TechTarget
Opinion 08 Jul 2019
Who's to blame for ransomware attacks -- beyond the attackers?

Cyberattackers are to blame for ransomware attacks, but what about companies that release flawed software or don't install patches? Our expert looks at where the buck stops. Continue Reading
By
- Kevin McDonald, Alvaka Networks