patch management

In a surprising turn of events, Microsoft recently outlined details regarding the hotpatching feature for Windows 11's forthcoming 24H2 update, only to subsequently remove the document from its official site. This feature has been in the works for some time and is aimed at revolutionizing the...

Introduction The recent announcement of CVE-2024-38016, identified as a remote code execution vulnerability in Microsoft Office Visio, raises significant concerns for users and organizations relying on this software. As cyber threats evolve, understanding this vulnerability's depth and potential...

Introduction As digital landscapes evolve, so too do the threats that lurk within. The dynamic interplay of attackers targeting known software vulnerabilities presents ongoing challenges for system administrators and cybersecurity professionals. The inclusion of these vulnerabilities in CISA's...

Introduction Identified as CVE-2024-45824, the vulnerability garners a staggering CVSS v4 base score of 9.2, classifying it as highly critical. What's particularly troubling is its remote exploitability combined with low complexity requirements for potential attackers. This risk reflects the...

Introduction In an increasingly perilous digital landscape, vulnerabilities in software can often provide a foothold for cybercriminals intent on infiltrating systems. Citrix recently announced vital security updates for its Workspace App for Windows, designed to address multiple vulnerabilities...

On July 9, 2024, Microsoft published a critical security vulnerability associated with the Online Certificate Status Protocol (OCSP) server, identified as CVE-2024-38068. This vulnerability poses a risk of Denial of Service (DoS) attacks, which could severely affect the availability of...

Understanding CVE-2024-6291: A Focus on Windows User Security Introduction In the realm of cybersecurity, the Common Vulnerabilities and Exposures (CVE) system plays a critical role in maintaining security and awareness among both developers and end-users. CVE-2024-6291 is one such entry in the...

On July 9, 2024, the Microsoft Security Response Center (MSRC) published details regarding a critical vulnerability identified as CVE-2024-20701. This vulnerability affects the SQL Server Native Client OLE DB provider and could enable a remote attacker to execute arbitrary code on the system...

As Windows users, staying informed about security vulnerabilities is crucial to ensure the safety and integrity of our systems. Recently, a significant vulnerability identified as CVE-2024-38223 was published, indicating an elevation of privilege issue linked to the Windows Initial Machine...

On August 13, 2024, Microsoft published critical information regarding a newly identified security vulnerability, designated CVE-2024-38159. This vulnerability is related to Windows Network Virtualization and poses a risk of remote code execution (RCE). In this article, we will provide a...

Windows updates are often a point of contention for users, primarily due to the required restarts and the time they occupy. However, it appears that Microsoft is planning a significant change to how updates are applied, which could notably enhance the user experience on Windows 11. The Potential...

In the realm of Windows security, the continuous battle against vulnerabilities remains ever-present. Recently, steps have been released to mitigate vulnerabilities in Kerberos Signature Validation through the unveiling of KB5037754. This article delves into the essential information surrounding...

Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...

After update KB5005565, my shared printers quit working on the client computer. I uninstalled the update, then they worked again. Now, after the latest update KB5006670, they quit working with different symptoms. The client computer can't connect to them over the network. The Microsoft...

Continue reading...

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...

A few of us over at MSFN use Server 2012 security-only updates to patch Windows 8 until October 2023. However ..... As of July 2021, all of the new security only updates for Server 2012 (including KB5004294 and KB5004960) now will remove the Adobe Flash Component from Windows 8. I enjoy...

Continue reading...

Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...

Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...