Qualys Blog

www.qualys.com
496 posts

December Patch Tuesday: Quiet End to the Year

This December Patch Tuesday is considerably lighter than last month’s patch releases.  While only three of the fixes were for Windows operating systems, the majority of the vulnerabilities to pay attention to are Browser/Scripting Engine-based.

Overall, this month’s updates address are fixes for 32 unique CVEs, 19 of which are critical, and 24 of which address remote code execution at varying severity levels. No active exploits are listed by Microsoft again this month.

Continue reading …

November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update

This November Patch Tuesday is moderate in volume and severity.  Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.

Continue reading …

October Patch Tuesday: 28 Critical Microsoft Vulnerabilities

Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.

Continue reading …

September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE).  According to Microsoft, one critical vulnerability impacting HoloLens has a public exploit, and there are active malware campaigns exploiting a .NET vulnerability. Microsoft has also patched the BlueBorne vulnerability that could allow an attacker to perform a man-in-the-middle attack against a Windows system.

Continue reading …

August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe

Today Microsoft released patches covering 48 vulnerabilities as part of August’s Patch Tuesday update, with 15 of them affecting Windows. Patches covering 25 of these vulnerabilities are labeled as Critical, and 27 can result in Remote Code Execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.

Continue reading …

July Patch Tuesday: 19 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released patches covering 54 vulnerabilities as part of July’s Patch Tuesday update, with 26 of them affecting Windows. Patches covering 19 of these vulnerabilities are labeled as Critical, all of which can result in Remote Code execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild.

Continue reading …

Microsoft Fixes 94 Security Issues in Massive June Update

Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.

Continue reading …

Adobe Fixes Half a Dozen Flash Vulnerabilities and More

Flash has been the top target for exploit kits and we have observed that defender behavior, i.e. how fast patches are applied along with other factors in the threat landscape could have led to a decline in the number of Flash vulnerabilities being weaponized in exploit kits.  In 2016, the time to patch 80% of Flash vulnerabilities reduced by more than half to 62 days as compared to the previous year when it was 144 days. This data is based on more than 3 billion scans performed by Qualys and could be one of the contributing factors why Flash-based attack integration in exploit kits is declining. If organizations patch quickly it gives less time for exploit kits to integrate the exploits and the chances of phishing vulnerable users reduce greatly if more machines are patched quickly.

Continue reading …

Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1

Hours before today’s Patch Tuesday release on the eve of May 8, Microsoft released an emergency updated to fix a vulnerability in their Malware Protection Engine. This critical vulnerability allows an attacker to take complete control of the victim’s machine by just sending an e-mail attachment. When the malware protection engine scans the attachment the malicious code in the file gets executed, allowing the attacker complete and full access to the computer. The attack can also be carried out by sending the file via an instant message or having the victim download the file from a website. It is absolutely essential that organizations using Microsoft Malware Protection Engine make sure that they are at version Version 1.1.13704.0 or later. Users should also check if they are patched for CVE-2017-0290, which was released for the same issue today.

In today’s Patch Tuesday update Microsoft released a total of 57 vulnerability fixes. Highest priority should go to patching 0-day issues which are actively exploited.  On top of our list is the Office patch for CVE-2017-0261 which is triggered when a victim opens an Office file containing a malformed graphics image.  The file could be delivered via email or any other means. As this is actively exploited in the wild and attackers can take complete control of the victim system, this should be treated with priority.

Continue reading …

Shadow Brokers Fix for IBM Lotus Domino Released

IBM has released a patch for Lotus Domino to plug a security flaw which was disclosed in the latest Shadow Broker revelations. Lotus Domino includes an IMAP server. IMAP or Internet Message Access Protocol is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from the mail server over a TCP/IP connection. The server contains a stack buffer overflow in the handling of mailbox names. This vulnerability affects Domino server 9.0.1FP8 and earlier versions, and this exploit has been referred to by the “EMPHASISMINE” code name by Shadow Brokers. CVE-2017-1274 has been assigned to this issue.

Continue reading …