Krebs on Security: Microsoft Patch Tuesday, November 2023 Edition. “Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three ‘zero day’ vulnerabilities that Microsoft warns are already being exploited in active attacks.”
Krebs on Security: Microsoft Patch Tuesday, March 2023 Edition. “Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.”
Krebs on Security: Microsoft Patch Tuesday, February 2023 Edition. “Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different ‘zero-day’ vulnerabilities that are already being used in active attacks.”
The Register: Microsoft: Whoops, Patch Tuesday might screw your database connections . “Applications using the Open Database Connectivity (ODBC) interface may fail to connect after installing the November Patch Tuesday Windows updates, according to Microsoft. Users may see the apps that use the Microsoft ODBC SQL Server Driver have problems, with some attempts to access databases generating an error message when the connection fails, the software maker wrote this week in its Windows Health Dashboard.”
Krebs on Security: Microsoft Patch Tuesday, October 2022 Edition. “Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.”
Bleeping Computer: Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws. “Today is Microsoft’s September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. Five of the 63 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities.”
Krebs on Security: Microsoft Patch Tuesday, August 2022 Edition. “Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.”
Krebs on Security: Microsoft Patch Tuesday, July 2022 Edition. “Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited.”
Krebs on Security: Microsoft Patch Tuesday, June 2022 Edition. “Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now.”
Bleeping Computer: Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws. “Today is Microsoft’s May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today’s update, eight are classified as ‘Critical’ as they allow remote code execution or elevation of privileges.”
The Register: Microsoft’s huge Patch Tuesday includes fix for bug under attack. “Microsoft’s massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed. In total, the Redmond giant patched over 100 bugs today, including 10 critical remote code execution (RCE) vulnerabilities.”
The Register: Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops. “Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected. There was a time when out-of-band updates from Microsoft were considered a rarity. Not so much these days.”
BetaNews: Windows 10 update saga continues as Microsoft re-releases KB5001649 printing patch. “Over the weekend we reported that Microsoft had paused the rollout of the out-of-band patch for the ongoing printing problems in Windows 10. The cessation came after reports of installation problems associated with the fix. Now it appears that the company has re-released the KB5001649 update, but it remains to be seen whether this finally brings to an end the lengthy and embarrassing saga for Microsoft.”
BetaNews: Windows 10 update farce continues as Microsoft pulls the plug on problematic printing patch. “Over the last week or so, we have reported about printing problems that followed the release of March’s updates, and the subsequent string of patches that not only failed to fix things but, in many cases, actually made things worse. Now the fubar’d fix has been deemed so problematic that Microsoft has taken the decision to pull it.”
Neowin: Microsoft releases additional updates to resolve some more printer problems. “The updates should be available – as optional – to users on Windows 10 versions 1507, 1607, 1803, 1809, 1909, 2004, 20H2, and Insiders on 21H1, but Microsoft recommends you to proceed with the update only if you’re affected by the problem.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.