NEW ACTION1 PLATFORM: NOW WITH MACOS SUPPORT

This Wednesday | 12 PM EST / 11 AM CET

When new patches and product updates are released, you must act quickly before threat actors target your organization with malicious attacks. Action1 has got you covered. Get a comprehensive review of the most critical vulnerabilities patched in the past month, including the Microsoft Patch Tuesday updates and patches from various third-party vendors.

December 2024 Patch Tuesday overview

This final Patch Tuesday of 2024 delivers 70 vulnerability fixes from Microsoft, a noticeable decrease compared to the previous month, possibly signaling a seasonal slowdown as the year nears its end. Among these, 16 are classified as critical. Notably, only one zero-day vulnerability has been addressed, and it includes a proof of concept.
In this Vulnerability Digest, we cover both Microsoft vulnerabilities, including third-party updates from web browsers, Mitel MiCollab, Cisco, Veeam, Zabbix, WordPress, 7-Zip, Linux, Citrix, Apple, Palo Alto Networks, VMware, and Ivanti.

EXPLORE VULNERABILITY DIGEST BLOG POST           WATCH VULNERABILITY DIGEST WEBINAR RECORDING

Next Patch Tuesday webinar – January 15

Don’t miss the next “Vulnerability Digest from Action1” webinar on January 15 at 12 PM EST / 6 PM CET to be among the first to get all the updates and strategies to protect your systems from potential cyber threats and ensure the smooth functioning of your servers and workstations.

Recent Updates

Alex Vovk photo

November 2024

Microsoft patched 88 vulnerabilities, two zero-days, one with a proof of concept. Also inside: third-party updates from web browsers, Apple, Cisco, Android, WordPress, GitLab, IBM, NVIDIA, VMware, Atlassian, Samsung, Kubernetes, and GitHub.

Alex Vovk photo

October 2024

118 patched vulnerabilities from Microsoft, two zero-days, both with proof of concept. Also inside: third-party updates from Mozilla Firefox, Apple, Zimbra, NVIDIA, Cisco, ESET, GitLab, VMware, Adobe, and Ivanti.

Alex Vovk photo

September 2024

Microsoft has addressed 79 vulnerabilities, including four zero-days. Also inside: updates for web browsers, Veeam, GitHub, Fortra FileCatalyst, Adobe, Ivanti, and Industrial Control Systems.

Alex Vovk photo

August 2024

Fixes for 87 vulnerabilities were announced, including six zero-days, Also inside: vulnerabilities uncovered in Windows Kernel and Windows SmartScreen and third-party updates from web browsers, Progress Software WhatsUp Gold, Mailcow and Roundcube, Android, VMware ESXi, Zoho, etc.

Alex Vovk photo

July 2024

Microsoft addressed a record 142 vulnerabilities for the year, two are zero-days and five are critical. Third-party vulnerabilities include Google Chrome, Android, OpenSSH, Splunk, CocoaPods for Swift, Cisco, Juniper, GitLab, FileCatalyst, Siemens, MOVEit Transfer, and VMware.

Alex Vovk photo

June 2024

Microsoft patched 51 vulnerabilities, one critical, no zero-days. Third-party vulnerabilities covered: Google Chrome, Mozilla Firefox, PHP, Azure, Check Point, GitHub, Rockwell, Veeam, Fluent Bit, and QNAP.

Alex Vovk photo

May 2024

61 vulnerabilities addressed by Microsoft, two zero-days, one of which has a proof of concept (PoC) available. Also inside: issues found in Intel, AMD Processors, Aruba, WordPress, Artificial Intelligence, Cisco, Ivanti, Putty, Palo Alto, and LG WebOS, web browsers, etc.

Alex Vovk photo

April 2024

Fixes for 151 vulnerabilities were announced, no zero-days, three critical. Also inside: issues found in HTTP 2.0, Flowmon, Ivanti, Linux, Splunk, Anyscale Ray AI, Apple, GLPI, Fortinet, Atlassian, Fortra, Cisco, Kubernetes, web browsers, etc.

Alex Vovk photo

March 2024

Microsoft has fixed a total of 60 vulnerabilities, no zero-days, two critical. Also inside: issues found in Jet Brains Team City, Zeek, VMware, Apple, Smart Toys, ConnectWise ScreenConnect, Joomla, SolarWinds, ESET, Linux, and Node.js., web browsers, etc.

Alex Vovk photo

February 2024

Microsoft has addressed a total of 73 vulnerabilities, two zero-days, five critical. Also inside: issues found in GitLab, Jenkins, Android, Vinchin Backup & Recovery, ModSecurity, WhatsApp, Apple, JetBrains, Cisco, VMware, Linux, Fortinet, Ivanti, web browsers, etc.

Alex Vovk photo

January 2024

Microsoft has addressed a total of 48 vulnerabilities, two critical vulnerabilities. Also inside: issues found in Google Chrome, Google Web Toolkit, Mozilla Firefox, Apache solutions, Barracuda, ESG, Apple, Linux, ESET, Ivanti, OpenSSH, Perforce Helix Core Server, and Dell.

Alex Vovk photo

December 2023

Microsoft patched 34 vulnerabilities, no zero-days, and four critical. Also inside: issues found in Chrome, Firefox, WordPress, Web Password Managers, Atlassian, Cisco, Bluetooth, VMware, Zyxel, Apple, Qlik Sense, ownCloud, CrushFTP, FortiSIEM, AMD, and Intel.

Alex Vovk photo

November 2023

Microsoft patched 63 vulnerabilities, three zero-days, and three critical. Also inside: issues found in Google Chrome, Mozilla, Firefox, Veeam ONE, Apache ActiveMQ, Atlassian, Kubernetes ingress-nginx, Cisco, Citrix, VMware, SolarWinds, Oracle, Exim, and SysAid.

Alex Vovk photo

October 2023

Microsoft released patches for 103 vulnerabilities, including three zero-days, 16 considered critical. Also inside: issues found in Google Chrome, Firefox, Apple, Linux, Atlassian, Progress Software WS_FTP, Jet Brains Team City, Exim, Cisco, Nagios, and Kubernetes.

Alex Vovk photo

September 2023

Microsoft has addressed 61 vulnerabilities, including two zero-days and five critical. Also inside: issues found in Android, Google Chrome, Firefox, Ivanti, SCADA, Citrix, Splunk, Notepad++, Juniper, Apple, Skype, WinRAR, Intel, AMD, and Siemens.

Alex Vovk photo

August 2023

Microsoft has addressed 74 vulnerabilities, including one zero-day and six critical. Also inside: issues found in Azure, Chrome, Firefox, Ivanti, Canon, Ubuntu Linux, AMD, MikroTik, Atlassian, Apple, and Adobe ColdFusion.

Alex Vovk photo

July 2023

Microsoft has resolved a record-breaking number of 142 vulnerabilities, including six zero-days and 9 critical. You will find inside: issues found in MOVEit, Firefox, Android, Cisco, Microsoft Teams, Linux, ChatGPT, FortiGate, VMware and Apple.

Alex Vovk photo

June 2023

Microsoft has resolved 86 vulnerabilities, fixes for new and existing issues. Also: updates for Windows Protected Process Light, Google Chrome, Firefox, Gitlab, Mikrotik RouterOS, Mobile Devices Fingerprint, Barracuda Email Gateway, Libre Office, Linux, and Apple.

Alex Vovk photo

May 2023

This Patch Tuesday, Microsoft has resolved 39 vulnerabilities, two zero-days and six critical vulnerabilities. In this issue you’ll also find updates about fixes for Google Chrome, Mozilla Firefox, Apache, Service Location Protocol, VMware, Apple, Intel and Linux.

Alex Vovk photo

April 2023

In this Patch Tuesday release, Microsoft has addressed a total of 102 vulnerabilities, two zero-days and seven critical. In this issue you’ll also find updates about fixes for Microsoft Snipping Tool, Google Chrome, Firefox, Android, Bing, IEEE 802.11 Wi-Fi protocol, and Apple.

Alex Vovk photo

March 2023

This Patch Tuesday, Microsoft fixed a total of 74 vulnerabilities, nine critical fixes, and two zero-days. Explore this issue also for updates about fixes for Microsoft Office and Intel Processors in Windows OS fixes, TPM 2.0, Google Chrome, Jenkins, Veeam and Android.

Alex Vovk photo

February 2023

The February Patch Tuesday brought 75 fixed vulnerabilities, six critical updates and three zero-day vulnerabilities. Zoom in for details about fixes for Google Chrome, Mozilla Firefox, OpenSSL, Jira, Oracle and Apple.

Alex Vovk photo

January 2023

The first Patch Tuesday of 2023 brings us 98 fixed vulnerabilities from Microsoft, 11 critical fixes, and one zero-day. In this issue, you’ll also find updates about fixes for Google Chrome, Mozilla Firefox, Citrix, Linux, WordPress, Foxit Reader, and VMware.

Alex Vovk photo

December 2022

December Patch Tuesday brings us 52 fixes from Microsoft. There are seven critical updates, including one zero-day. In this issue, you’ll also find updates about fixes for Internet Explorer, Google Chrome, Mozilla Firefox, Avast, Foxit Reader, VLC Media Player and Zoom.

Alex Vovk photo

November 2022

68 vulnerabilities were fixed by Microsoft in November, ten critical updates and six fixed zero-days. In this issue, you’ll also find updates about fixes for Google Chrome, Mozilla Firefox, Oracle, Zoom and Cisco.

Frequently asked questions

What is Patch Tuesday?

Patch Tuesday is a scheduled release day for software patches, primarily used by Microsoft, to fix security vulnerabilities, bugs, and performance issues in its software products like Windows, Office, and Azure. It occurs monthly and aims to standardize the process of delivering security updates to ensure devices remain protected. Coordinating updates in this way allows organizations to prepare in advance, reducing downtime and allowing IT teams to plan maintenance schedules around expected changes. The approach helps maintain a safer software ecosystem, reducing the chances of cyberattacks exploiting known vulnerabilities. Over time, Patch Tuesday has become a widely recognized term across the tech industry, highlighting the importance of regular and predictable software maintenance.

When is Patch Tuesday?

Patch Tuesday happens on the second Tuesday of each month. Microsoft established this monthly schedule to provide a regular cadence for updating its software products. This predictable timing allows IT departments and end-users to prepare for and implement updates with minimal disruption, making it easier to incorporate patches into maintenance plans. By aligning security updates to a set day, Microsoft helps prevent vulnerabilities from remaining unpatched for extended periods. This cycle, often supplemented by additional security advisories, helps secure systems promptly against emerging cyber threats, making Patch Tuesday a crucial date in cybersecurity.

What kind of information is released during Patch Tuesday?

During Patch Tuesday, Microsoft publishes security bulletins detailing the vulnerabilities addressed, their severity levels, and the specific products affected. This information includes patch descriptions, known issues, and any required steps for implementing updates. Each update is rated based on the risk level (e.g., “Critical” or “Important”), allowing IT administrators to prioritize patches accordingly. Sometimes, other technical details like CVE (Common Vulnerabilities and Exposures) IDs, workarounds, and deployment recommendations are provided to help organizations apply updates efficiently. These bulletins are valuable resources for administrators aiming to maintain secure IT infrastructures and protect against potential attacks.

Who started Patch Tuesday?

Microsoft pioneered Patch Tuesday in 2003 as part of its Trustworthy Computing initiative, introduced by Bill Gates. This initiative focused on improving the reliability, security, and privacy of Microsoft products amid increasing concerns over software vulnerabilities and cyber threats. The goal of Patch Tuesday was to bring consistency to security update rollouts, making it easier for organizations to manage patches and proactively secure systems. By consolidating patches to a monthly schedule, Microsoft helped IT departments better prepare and respond to vulnerabilities, establishing a model that other companies have since adopted.

When did Patch Tuesday become popular?

Patch Tuesday gained popularity shortly after its launch in 2003 as it addressed growing concerns around cybersecurity in the early 2000s. With frequent threats like viruses and worms affecting software products, businesses and end-users alike welcomed the structured approach. The concept quickly became ingrained in IT culture as it simplified patch management and provided a predictable schedule for crucial security updates. Over time, the increasing frequency of cyberattacks and reliance on Microsoft software solidified Patch Tuesday’s importance, making it a standard practice not only for Microsoft but also a model followed by other companies like Adobe and Oracle.