Microsoft has published fixes for 141 separate vulnerabilities in its batch of August updates, fixing a total of 118 CVEs in multiple products. This is a new monthly record if you look at the CVE count. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share

Tripwire’s July 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the patch priority list this month are patches that resolve 2 vulnerabilities in Edge.Next is a patch that resolves a security feature bypass vulnerability in Office.Up next are patches for Adobe Reader and Acrobat that resolve 22

It’s time to triage a lot of patching again. Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of known to be exploited in the wild list that

The June 2022 Patch Tuesday may go down in history as the day that Follina got patched, but there was a host of other important updates. And not just from Microsoft. Many other software vendors follow the pattern of monthly updates set by the people in Redmond. Microsoft Microsoft released updates to deal with 60 security vulnerabilities. Undoubtedly t

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all accounts, the most urgent bug Microsoft addresse

Tripwire’s April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe.First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any vul

Last week on Malwarebytes Labs: Adobe patches actively exploited Magento/Adobe Commerce zero-dayRansomware gang hits 49ers’ network before Super Bowl kick offDon’t let scammers ruin your Valentine’s DayCISA Ransomware report warns “triple threat” attacks still on the prowlCity: Skylines developers warn of rogue modUpdate now! Chrome patches actively explo

Adobe has released an emergency advisory for users of its Commerce and Magento platforms. It explains that a critical zero-day vulnerability is actively being exploited in attacks against sites that use these two content management system (CMSs). Users should apply the patch as soon as possible. The vulnerability Publicly disclosed computer security fl

Tripwire’s January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft.First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 “LogShell” remote code execution vulnerability (CVE-2021-44228). This

Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator, Adobe Bridge, InCopy, and InDesign. 22 of these vulnerabilities were reported through the ZDI program.

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators ar

Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalatio

On what might seem a relatively calm Patch Tuesday with 55 vulnerabilities being patched, the fact that six of them were rated “Critical” and two of them actively exploited spoils the Zen factor somewhat. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share

Tripwire’s October 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Squid, Microsoft, and Adobe.First on the patch priority list this month are patches for Squid (CVE-2021-31807, CVE-2021-31806). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched