patches

  • Blog
    digitpatrox1 week ago
    26

    Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

    The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware. February update patches two exploited vulnerabilities The two exploited vulnerabilities are: CVE-2025-21391,…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    32

    Cisco patches critical flaws in Identity Services Engine

    Cisco has rolled out software updates to address a pair of critical vulnerabilities in its Identity Services Engine (ISE) that could let hackers take over devices and access data. The flaws affect Cisco ISE and Cisco ISE Passive Identity Connector, versions 3.0 to 3.3, but not 3.4. A workaround is not possible, so a software upgrade is required. Cisco said…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    32

    AMD patches microcode security holes after accidental early disclosure

    Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation. “It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a…

    Read More »
  • Blog
    digitpatroxJanuary 20, 2025
    47

    2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

    Microsoft began 2025 with a hefty patch release this month, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional…

    Read More »
  • Blog
    digitpatroxJanuary 17, 2025
    80

    Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

    Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevations of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first.…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    86

    Cleo patches critical zero-day exploited in data theft attacks

    Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully patched Cleo software…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    144

    Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations

    A vulnerability in the popular managed file transfer (MFT) service from software company Cleo is being actively exploited by threat actors, researchers have warned. Reports from multiple security firms have warned that three different Cleo products were being attacked in the wild, including Cleo Harmony, the firm’s widely-used file transfer service capability. VLTrader, a server-side solution aimed at mid-sized corporations,…

    Read More »
  • Blog
    digitpatroxDecember 12, 2024
    91

    Microsoft Patches One Actively Exploited Vulnerability, Among Others

    December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft…

    Read More »
  • Blog
    digitpatroxNovember 30, 2024
    184

    New Windows Server 2012 zero-day gets free, unofficial patches

    Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. Windows automatically adds Mark of the Web (MotW) flags to all documents and executables downloaded from untrusted sources. These MotW labels inform the Windows operating system, Microsoft Office, web…

    Read More »
  • Blog
    digitpatroxNovember 22, 2024
    91

    Apple Patches Two Zero-Day Attack Vectors

    Apple’s latest security updates for iOS, macOS, Safari, visionOS, and iPadOS contained brief but critical disclosures of two actively exploited vulnerabilities. The tech giant said Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered the vulnerabilities. NIST lists the vulnerabilities as CVE-2024-44308 and CVE-2024-44309. What are the vulnerabilities Apple patched? Apple didn’t disclose much information about the exploitation…

    Read More »
Load More
Back to top button
close