In this issue: January 2023 Patch Tuesday updates and vulnerabilities patched by other vendors, including Google Chrome, Mozilla Firefox, Citrix, Linux, WordPress, Foxit Reader, and VMware.
Patch Tuesday
Patch Tuesday December 2022
Dec 13, 2022 | Blog, Patch Tuesday
This is a review of the most serious patched Patch Tuesday vulnerabilities and those of other Windows software.
November 2022 Vulnerability Digest from Action1
Nov 9, 2022 | Blog, Patch Tuesday
This digest explains the most serious vulnerabilities in popular Windows software that have been patched in October.
October 2022 Vulnerability Digest from Action1
Oct 12, 2022 | Blog, Patch Tuesday
As usual, we review the most serious vulnerabilities in popular Windows software for which patches were released in September, including those from Patch Tuesday.
September 2022 Vulnerability Digest from Action1
Sep 15, 2022 | Blog, Patch Tuesday
As usual, we review the most serious vulnerabilities in popular Windows software for which patches were released during the past month, including those from Patch Tuesday.
August 2022 Vulnerability Digest from Action1
Aug 17, 2022 | Blog, Patch Tuesday
Each month, we review the most serious vulnerabilities in popular Windows software for which patches were released during the past month, including those from Patch Tuesday.
In this issue, you will learn about patches for vulnerabilities from Microsoft, Microsoft Edge, Google Chrome, Mozilla Firefox, Foxit PDF Reader, Java, Adobe, VMware.
July 2022 Vulnerability Digest from Action1
Jul 14, 2022 | Blog, Patch Tuesday
This digest explores the most serious vulnerabilities in popular Windows software for which patches have been provided in July’s Patch Tuesday.
How to Fix Windows LSA Spoofing Vulnerability, Still Actively Exploited in the Wild
Jul 8, 2022 | Blog, Patch Tuesday
On the 1st of July 1 CISA has added...
Action1 Provides Free Automated Scripting to Mitigate Follina (CVE 2022-30190)
Jun 8, 2022 | Blog, How-to Articles, Patch Tuesday
A new and very dangerous Microsoft Windows zero-day vulnerability was recently discovered. Tracked as CVE-2022–30190, it is nicknamed “Follina”. Action1 arms internal IT departments and MSPs with advanced scripting capabilities to mitigate Follina vulnerabillity.
What Is Zero-Day Vulnerability? Zero Days Explained
Mar 22, 2022 | Blog, Patch Tuesday
A zero-day vulnerability can cause serious problems for businesses, as well as for software users. If these vulnerabilities are hacked or exploited, unauthorized individuals or automated devices can gain access to restricted system areas or software data stores. This is why a thorough approach to software patches — both from the software developer’s side and from the end user’s side — is crucial in cybersecurity and data protection.
February 2022: Microsoft Patch Tuesday Review
Feb 9, 2022 | Blog, Patch Tuesday
Microsoft squashed a total of 48 security bugs, including one zero-day vulnerability, with February’s Microsoft security updates Patch Tuesday. This figure does not include the 22 Microsoft Edge (chromium) fixes rolled out with today’s Patch release, 19 of which were actually fixed earlier this month. This brings the total number of patches released in February (so far) to 70.
Microsoft Patch Tuesday, December 2021 Review
Dec 14, 2021 | Blog, Patch Tuesday
Microsoft has just released 67 security fixes to mark this month’s Patch Tuesday. Seven of the vulnerabilities fixed today were classified as Critical and the rest as Important. December’s patch release also includes fixes for six zero-day bugs, one of which was actively exploited in the wild.
October 2021 Patch Tuesday Review: Microsoft Fixes 74 Security Flaws
Oct 13, 2021 | Blog, Patch Tuesday
In this month’s Patch Tuesday, Microsoft fixed a total of 74 vulnerabilities (81, counting Microsoft Edge for Chromium’s updates). Among the 74 bugs fixed today included four zero-day vulnerabilities, one of which was known to have been exploited in the wild. Three of the vulnerabilities were rated as Critical, one as Low, and the rest as Important.
66 Vulnerabilities Fixed in Microsoft’s September 2021 Patch Tuesday
Sep 15, 2021 | Blog, Patch Tuesday
It’s the second Tuesday of the month again — time to check out the latest patch batch. Today, Microsoft released fixes for a total of 66 vulnerabilities, three of which were deemed Critical, one rated Moderate, and the rest classified as Important. Earlier this month, Microsoft released 20 security updates for Microsoft Edge (Chromium-based), bringing the total number of CVEs fixed in September to 86.
Microsoft Patch Tuesday Survival Guide
Sep 13, 2021 | Blog, Patch Tuesday
This time of the month… The predictable Windows Security Patch Tuesday schedule allows system administrators to stay prepared with their patch implementation plans.
Learn how to be ready for Microsoft Patch Tuesday. In this article we have compiled our tips for stress-free management of important Windows updates and timely deployment of Windows critical patches.
August 2021 Patch Tuesday Patch Review: 44 Flaws And 3 Zero-Days Fixed
Aug 11, 2021 | Blog, Patch Tuesday
August Microsoft Patch Tuesday list includes fixes for a total of 44 vulnerabilities. Seven of these were rated Critical, and the rest marked Important. This month’s patch release also addresses three zero-day vulnerabilities. Let’s look at some of the most prominent patches released today and their corresponding vulnerabilities.
July 2021: Microsoft Patch Tuesday Review
Jul 15, 2021 | Blog, Patch Tuesday
Microsoft released fixes for 117 flaws in this July’s Patch Tuesday. Of the 117 vulnerabilities, 13 were marked as Critical, 103 Important, and 1 Moderate; nine were zero-day vulnerabilities, four of which were actively exploited before the patch release. The bugs included the usual blend of RCE, DOS, information disclosure, EoP, spoofing, and security bypass vulnerabilities across Microsoft’s suite of products. The volume of the latest patch release exceeds the combined totals from the last two months, and it’s the second time this year that Microsoft has packed more than 100 fixes in one Patch Tuesday batch.
Microsoft Fixes 50 Vulnerabilities on Patch Tuesday, June 2021
Jun 11, 2021 | Blog, Patch Tuesday
Keeping with its Patch Tuesday tradition, Microsoft has just released 50 security patches for a host of software products and services, including .NET Core and Visual Studio, Microsoft Office, Windows Defender, Windows Codecs Library, 3D Viewer, and Windows HTML Platform. Today’s release included patches for RCE, Elevation of Privilege, DoS, Spoofing, Information Disclosure, and Security Feature Bypass vulnerabilities.
In terms of severity, 45 of the 50 CVEs were marked “Important” and five “Critical.” Among these were seven zero-day vulnerabilities, six of which had already been exploited in the wild. Eight of the security flaws fixed today were reported by the Zero Day Initiative (ZDI). Additionally, Microsoft acknowledged reports from Google Project Zero, Google’s Threat Analysis Group, Check Point Research, Kaspersky, and FireEye, among other contributors.
Here’s an overview of the seven zero-day vulnerabilities and other noteworthy flaws fixed in June’s patch rollout.
Microsoft Patch Tuesday, May 2021 Review
May 12, 2021 | Blog, Patch Tuesday
Today, the second Tuesday of May, is Microsoft’s Patch Tuesday. This month’s patch release includes fixes for 55 CVEs – 50 classified as Important, one moderate, and four marked as critical. Microsoft also patched three zero-day vulnerabilities that were publicly disclosed but not yet exploited at the time of this release. The 55 fixes touch on various Microsoft products and services, including Exchange Server, Skype for Business, Visual Studio, MS Office, .NET Core, SharePoint Server, and Hyper-V. Along with May’s patch cycle, Microsoft also rolled out cumulative updates for all supported versions of Windows. The freshly updated Windows 10 OS builds 19041.895 and 19042.895 mostly feature enhanced security for Windows System Core Components, browsers, and other basic functions, plus a couple of new peripheral drivers and UI elements. Let’s get back to the security flaws addressed in this month’s patch dump.
Microsoft Patch Tuesday, March 2021 Review
Mar 9, 2021 | Blog, Patch Tuesday
Microsoft Patch Tuesday started early this month with an out-of-band patch release on March 2. This week’s batch fixes a total of 89 CVEs; among these are the seven out-of-band fixes from last week, ten ‘critical’ fixes, and 72 marked as ‘important.’ Two of the patches address separate zero-day vulnerabilities, one of which had already been exploited in the wild. This month’s patches cover a wide range of Microsoft products and services, including Azure, Office products, and Windows internet browsers.