Displaying items by tag: Patch Tuesday

GUEST OPINION:  Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them.

GUEST RESEACH:  Microsoft patched a whopping 157 CVEs in its inaugural Patch Tuesday for 2025. Not only is this the largest number of CVEs patched in January, it is the largest number of CVEs patched across any Patch Tuesday release since 2017. Microsoft set a record in April 2024, patching 147 CVEs. Since 2017, the average number of CVEs patched in January was 60. Prior to 2025, the largest January Patch Tuesday release was 2023, which saw Microsoft patch 98 CVEs. In 2024, Microsoft opened the year with 48 CVEs patched. Please find below a comment from Satnam Narang, sr. staff research engineer at Tenable and a full analysis in this blog.

Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity at time of publication. It also sees the publication of nine critical remote code execution (RCE) vulnerabilities. Unusually, no browser vulnerabilities have yet been published this month.

GUEST OPINION:  Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday, with evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry.

GUEST OPINION: This month, Microsoft patched two zero-day vulnerabilities that were exploited in the wild.

Microsoft has released patches for two zero-day vulnerabilities being exploited in the wild, along with fixes for another 57 CVEs on its monthly Patch Tuesday.

Microsoft has addressed 147 CVEs in its Patch Tuesday release for April, including three critical vulnerabilities.

Microsoft has released fixes for vulnerabilities detailed in 73 CVEs, including two zero-days being exploited in the wild on Patch Tuesday.

Microsoft has issued patches for 48 CVEs in its first Patch Tuesday release for the year, with no zero-day or publicly disclosed vulnerabilities among them.

Microsoft has patched 34 vulnerabilities in its final Patch Tuesday release for the year, including one zero-day flaw and three critical vulnerabilities that could be exploited remotely.

Microsoft has issued patches for 57 CVEs on Patch Tuesday this month, three of which are rated critical and 54 rated important.

Microsoft has detailed 105 vulnerabilities in its products on October's Patch Tuesday, including three zero-days and 12 critical flaws that could be exploited for remote code execution.

Microsoft has issued patches for 61 vulnerabilities on its monthly Patch Tuesday, with two zero-days among them.

Microsoft has been forced to pull an update it issued as part of its August Patch Tuesday after it was found that the patch in question, meant to fix a spoofing vulnerability in Microsoft Exchange Server, would not install properly on non-English systems.

Microsoft has released patches for 73 CVEs as part of its monthly Patch Tuesday fixes, including one for a vulnerability that is being exploited in the wild.

Microsoft has made no mention of a critical security flaw in its Azure cloud platform in its monthly issues of patches on Tuesday, though the company claimed earlier this month that it had completely fixed the issue.

The email account of US Commerce Secretary Gina Raimondo was among a slew of accounts breached at both the State and Commerce Departments by attackers, claimed to be from China, who gained access through a vulnerability in Microsoft's Azure cloud platform.

Microsoft has warned users of its products that unpatched security holes in both Windows and Office are being exploited and hinted that it could release patches for these before its next monthly release.

Microsoft has patched 70 CVEs in its Patch Tuesday releases for June, with this being the first month after a while in which no disclosed or publicly exploited zero-days have been fixed.

Microsoft has released 97 fixes, one of which is for a zero-day, on its Patch Tuesday for the current month.