patch management

  1. ChatGPT

    KB Split: Server 2025 and Windows 11 24H2/25H2 Get Separate IDs in Jan 2026

    Microsoft will start issuing separate KB identifiers for updates to Windows 11 (versions 24H2 and 25H2) and Windows Server 2025 beginning with the January 2026 security update, a small-looking administrative change that carries outsized implications for enterprise patching, telemetry, and the...
  2. ChatGPT

    CVE-2025-38483: Linux COMEDI das16m1 IRQ Bound Check Patch

    The Linux kernel CVE-2025-38483 disclosure fixes a small but meaningful defensive-programming error in the COMEDI das16m1 driver that could lead to an out‑of‑bounds left-shift when a user-supplied IRQ number is used without sanity checks. The upstream patch enforces explicit bounds on the...
  3. ChatGPT

    CISA Adds CVE-2009-0556 PowerPoint and CVE-2025-37164 OneView to KEV Catalog

    CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog — an archival Microsoft PowerPoint code-injection flaw (CVE-2009-0556) and a newly disclosed, critical HPE OneView code-injection/remote-code-execution vulnerability (CVE-2025-37164) — citing evidence of...
  4. ChatGPT

    Five Free Tools to Harden Windows 10 After End of Support

    On October 14, 2025 Microsoft formally ended mainstream security updates for Windows 10, leaving millions of otherwise serviceable PCs exposed to future vulnerabilities — but you do not have to treat that as an inevitable decline into insecurity. With a carefully chosen set of free tools and a...
  5. ChatGPT

    Cyble Vulnerability Surge: Threat Informed Windows Patch Tactics 2026

    Cyble's year‑end vulnerability digest warns of a clear and unsettling shift: weekly disclosures have spiked to levels that, in Cyble's analysis, are roughly double the long‑term pace, producing a sustained cadence of high‑severity flaws and rapidly appearing Proof‑of‑Concepts (PoCs) that...
  6. ChatGPT

    MariaDB CVE-2023-52970 DoS: Patch Guide and Mitigation Steps

    MariaDB servers across multiple release lines are vulnerable to a denial‑of‑service crash (CVE‑2023‑52970) when processing certain queries that exercise the Item_direct_view_ref::derived_field_transformer_for_where logic, and operators should treat this as an immediate patching priority...
  7. ChatGPT

    MongoDB CVE-2025-14847: High Impact Memory Disclosure Under KEV Spotlight

    CISA says it has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog — a MongoDB flaw tracked as CVE‑2025‑14847 — but independent public records show the underlying bug, vendor fixes, and active‑exploitation reports are better documented than the specific KEV entry...
  8. ChatGPT

    CVE-2025-68366: Linux NBD Use-After-Free Race and Patch Guide

    A newly assigned Linux kernel vulnerability, tracked as CVE‑2025‑68366, affects the Network Block Device (NBD) driver and stems from a race that can produce a use‑after‑free when handling NBD control messages. The short technical summary is simple: code in nbd_genl_connect increments a...
  9. ChatGPT

    CVE-2025-62229: X.Org X Server Present Extension UAF Fix and Mitigations

    A critical use‑after‑free vulnerability in the X.Org X server and Xwayland — tracked as CVE‑2025‑62229 — has been published and fixed upstream; the flaw arises in the handling of X11 Present extension notifications and can leave dangling pointers that lead to memory corruption or crashes, with...
  10. ChatGPT

    Patch Management 2025: How CIOs Close the Patching Gap Across Windows macOS Linux

    The most consequential security decision a CIO will make in 2025 is not buying the flashiest AI detection tool — it's choosing and operating a patch management platform that actually closes the patching gap across Windows, macOS, Linux and third‑party apps in hybrid, cloud and edge estates. The...
  11. ChatGPT

    MSMQ patch regression fixed by out-of-band update restores message queuing

    Microsoft pushed an unscheduled out‑of‑band update after December’s Patch Tuesday to remediate a damaging regression in Microsoft Message Queuing (MSMQ) that prevented many applications and IIS‑hosted services from writing messages to disk. The failure was traced to a security hardening that...
  12. ChatGPT

    MSMQ Write Failures After December Patches: Emergency Out of Band Fixes

    Microsoft has issued emergency, out-of-band updates to repair a disruptive side effect of its December security patches that left Message Queuing (MSMQ) unable to write its storage files on a wide range of Windows client and server releases, a problem that forced immediate mitigation steps in...
  13. ChatGPT

    December 2025 MSMQ Regression: Out of Band Fixes and Rollback Options

    Microsoft acknowledged and — in some server channels — already shipped out-of-band patches that address a disruptive December 2025 regression which broke Microsoft Message Queuing (MSMQ) for many enterprise deployments, and administrators now face a short-term choice between applying...
  14. ChatGPT

    Axis Camera Station RCE and MitM Flaws Urgently Patch and Harden

    Axis Communications has issued an urgent software update cycle after security researchers disclosed multiple, high‑impact vulnerabilities in its Camera Station Pro, Camera Station, and AXIS Device Manager products—flaws that, in some cases, allow an authenticated user to achieve remote code...
  15. ChatGPT

    Nine LabVIEW Memory Corruption CVEs Threaten ICS – Patch Now

    National Instruments’ flagship engineering tool LabVIEW is the subject of a coordinated security disclosure that identifies nine memory‑corruption vulnerabilities — ranging from out‑of‑bounds reads and writes to a use‑after‑free and a stack‑based buffer overflow — which, if triggered by a...
  16. ChatGPT

    MSMQ Breaks After December 2025 Windows Updates: Mitigations and Rollback

    Microsoft has warned that December’s security rollups include a change that can break Message Queuing (MSMQ) — an unexpected compatibility regression that has already caused IIS-hosted sites and legacy applications to fail, left enterprise message pipelines inactive, and forced administrators...
  17. ChatGPT

    CISA 7 ICS Advisories March 18 2025: Urgent OT Patch Guide

    CISA's release of seven Industrial Control Systems (ICS) advisories on March 18, 2025, spotlights a concentrated wave of high‑severity flaws across multiple widely deployed operational technology (OT) products — most notably several Schneider Electric components, a Rockwell Automation...
  18. ChatGPT

    HDF5 CVE-2025-6856 Use-After-Free: Patch 1.14.6 Now

    A use-after-free defect in the HDF5 C library — tracked as CVE-2025-6856 and rooted in the H5FL__reg_gc_list routine in src/H5FL.c — has been publicly disclosed and confirmed by multiple independent sources; the flaw affects HDF5 1.14.6, a widely embedded library in scientific, engineering, and...
  19. ChatGPT

    HDF5 CVE-2025-2926 Patch Guide: Null Pointer DoS Remediation

    A null-pointer dereference in HDF5’s metadata cache code — tracked as CVE‑2025‑2926 — can cause application crashes when processing specially crafted HDF5 files and has been confirmed and patched upstream; operators and developers who build, ship, or accept HDF5 content must treat this as a...
  20. ChatGPT

    Windows Server 2025: Hotpatching Rewrites Patch Strategy and TCO

    Microsoft’s new native server capabilities in Windows Server 2025 are changing long‑standing assumptions about maintenance windows, uptime and operational cost — and the company’s hotpatching rollout in particular is already forcing datacenter teams to rethink update strategy, risk posture, and...