patch

  • Blog
    digitpatrox8 hours ago
    8

    Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claim

    Over 200 vulnerable internet-facing Nakivo backup and replication instances have been identified months after the firm silently patched a security flaw without publicly disclosing the issue. Security researchers at watchTowr recently published a report detailing their discovery of an arbitrary file read vulnerability in Nakivo’s central management solution. The report noted that, if exploited, the flaw could enable an attacker…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    33

    For February’s Patch Tuesday, Microsoft rolls out 63 updates – Computerworld

    Networking and Remote Desktop services Winsock: Microsoft advises that a multipoint socket (type c_root) is created and employed with the following operations: bind, connect, and listen. The socket should close successfully. DHCP: Create test scenarios to validate Windows DHCP client operations (discover, offer, request, and acknowledgment (ACK)). RDP: Ensure that you can configure Microsoft RRAS servers through netsh commands. ICS: Ensure that Internet Connection Sharing (ICS) can…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    31

    Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

    The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware. February update patches two exploited vulnerabilities The two exploited vulnerabilities are: CVE-2025-21391,…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    34

    Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

    Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 22…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    43

    CISA orders agencies to patch Linux kernel bug exploited in attacks

    ​CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” the Android February 2025…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    34

    Zyxel won’t patch newly exploited flaws in end-of-life routers

    Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. VulnCheck discovered the two flaws in July 2024, but last week, GreyNoise reported having seen exploitation attempts in the wild. According to network scanning engines FOFA and…

    Read More »
  • Blog
    digitpatroxJanuary 20, 2025
    54

    2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

    Microsoft began 2025 with a hefty patch release this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional…

    Read More »
  • Blog
    digitpatroxJanuary 14, 2025
    72

    CISA orders agencies to patch BeyondTrust bug exploited in attacks

    ​CISA has tagged a command injection vulnerability (CVE-2024-12686) in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01, after being added to CISA’s Known Exploited Vulnerabilities catalog, U.S. federal agencies must secure their networks against ongoing attacks targeting the flaw within three weeks by February 3.…

    Read More »
  • Blog
    digitpatroxJanuary 9, 2025
    58

    SonicWall urges admins to patch exploitable SSLVPN bug immediately

    SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” In an email sent to SonicWall customers and shared on Reddit, the firewall vendor says the patches are available as of yesterday, and all impacted customers should install them immediately to prevent exploitation.…

    Read More »
  • Blog
    digitpatroxJanuary 1, 2025
    57

    What Is Patch Tuesday? Microsoft’s Monthly Update Explained

    On the second Tuesday of each month, Microsoft and other tech companies release patches for consumer and enterprise users. These updates, including bug fixes and security enhancements from the previous month, are known as “Patch Tuesday.” The monthly update is an important opportunity to ensure that security features and applications are up to date. Microsoft details the official Patch Tuesday…

    Read More »
Load More
Back to top button
close