patch

  • Blog

    September’s Patch Tuesday update fixes 4 zero-days – Computerworld

    Windows Update and Installer. Windows Hyper-V. Windows Kernel and Graphics (GDI). Microsoft MSHTML and Mark of the Web. Remote Desktop (RDP) and TCP/IP subsystems. The real concern is that three of these vulnerabilities (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491) have been reported as exploited. In addition, another reported vulnerability in the Windows HTML subsystem (CVE-2024-38217) has been reported as publicly disclosed. Given these four zero-days,…

  • Blog

    SolarWinds urges customers to patch critical Web Help Desk flaw

    SolarWinds has issued a warning to customers after the discovery of a critical vulnerability in the firm’s Web Help Desk solution. The vulnerability, tracked as CVE-2024-28986, is a Java deserialization vulnerability that could be exploited to achieve remote code execution, the company confirmed in an advisory last week. “SolarWinds Web Help Desk was found to be susceptible to a Java…

  • Blog

    For August, Patch Tuesday means patch now – Computerworld

    Microsoft pushed out 90 updates this week in its August Patch Tuesday release, including fixes for five Windows zero-days (CVE-2024-38178, CVE-2024-38193, CVE-2024-38213, CVE-2024-38106, CVE-2024-38107) and one zero-day affecting Office (CVE-2024-38189). Unfortunately, this means a “Patch Now” recommendation for both Windows and Microsoft Office this month. Microsoft offered several (pretty useful) mitigations and recommendations to reduce the impact of these security issues; our testing guidance…

  • Blog

    Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

    Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab’s XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that…

  • Blog

    1Password warns Mac users to patch to stop their vaults being accessed by hackers

    Password manager company 1Password has released a security advisory concerning a flaw affecting the macOS variant of its credential storage software. One of the most popular password managers on the market, with over 15 million users in 2022, and around 150,000 businesses using the software, the vulnerability puts tens of millions of users’ password vaults at risk. Vaults are a…
