patch management

  1. CVE-2024-38223: Elevation of Privilege Vulnerability in Windows Explained

    As Windows users, staying informed about security vulnerabilities is crucial to ensure the safety and integrity of our systems. Recently, a significant vulnerability identified as CVE-2024-38223 was published, indicating an elevation of privilege issue linked to the Windows Initial Machine...
  2. CVE-2024-38159: Essential Guide to Windows Security Vulnerability Mitigation

    On August 13, 2024, Microsoft published critical information regarding a newly identified security vulnerability, designated CVE-2024-38159. This vulnerability is related to Windows Network Virtualization and poses a risk of remote code execution (RCE). In this article, we will provide a...
  3. Windows 11 to Introduce Hot-Patching: A Game Changer for Updates

    Windows updates are often a point of contention for users, primarily due to the required restarts and the time they occupy. However, it appears that Microsoft is planning a significant change to how updates are applied, which could notably enhance the user experience on Windows 11. The Potential...
  4. Essential KB5037754 Update: Strengthening Windows Security Against Kerberos Vulnerabilities

    In the realm of Windows security, the continuous battle against vulnerabilities remains ever-present. Recently, steps have been released to mitigate vulnerabilities in Kerberos Signature Validation through the unveiling of KB5037754. This article delves into the essential information surrounding...
  5. AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activi

    Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...
  6. R

    Windows 10 Shared printer problems caused by updates

    After update KB5005565, my shared printers quit working on the client computer. I uninstalled the update, then they worked again. Now, after the latest update KB5006670, they quit working with different symptoms. The client computer can't connect to them over the network. The Microsoft...
  7. KB5005112: Servicing stack update for Windows 10, version 1809: August 10, 2021

    Continue reading...
  8. AA21-209A: Top Routinely Exploited Vulnerabilities

    Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...
  9. Windows 8 Latest Server 2012 Updates Removes Adobe Flash

    A few of us over at MSFN use Server 2012 security-only updates to patch Windows 8 until October 2023. However ..... As of July 2021, all of the new security only updates for Server 2012 (including KB5004294 and KB5004960) now will remove the Adobe Flash Component from Windows 8. I enjoy...
  10. KB5003240 Setup Dynamic Update for Windows 10, version 2004, 20H2, and 21H1: May 25, 2021

    Continue reading...
  11. AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

    Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...
  12. AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

    Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...
  13. AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

    Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...
  14. AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems

    Original release date: January 14, 2020 Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can...
  15. AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

    Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
  16. P

    Windows 10 Need some clarification about WSUS server

    After reading lots of articles I need still clarification about some basic facts: At first: There is a "normal" built-in Windows Updates service available in ALL Win10 versions. Beside this "basic" update mechanism there is a so called "WSUS" service. This is a separate (software) server which...
  17. AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability

    Original release date: June 17, 2019 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and...
  18. P

    Windows 10 Are there only "full" updates or does an "security updates-only" mode exist?

    From Windows 7 I know that all the updates are divided into two categories: - security-related or - optional=feature-only updates. I can setup Win7 so that only security updates are downloaded and applied. Is there a corresponding categorization in Windows 10? I prefer to download and apply...
  19. P

    Windows 10 How to download Win10 ISO WITH (!) included cumulative updates? Inject updates into ISO?

    Normally users perform the following procedure for Win10: download Win10 base package ISO directly install this Win10 base package ISO download the cumulative update apply this cumulative update onto the already installed base version I wonder whether there is a way to download an ISO WITH (!)...
  20. February 2019 Security Update Release

    Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Link Removed. Continue reading...