This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has patched 3 critical RCEs in Remote Desktop Gateway and Remote Desktop Client. Adobe issued patches today for Illustrator CC and Experience Manager.
This month’s Patch Tuesday is rather light and addresses 36 vulnerabilities, with only 7 labeled as Critical. Five of the seven Critical vulns are in Git for Visual Studio. The others are for Hyper-V and Win32k. Also, there is one actively attacked “Important” vuln in Win32k. Adobe released patches today covering Acrobat/Reader, ColdFusion, Photoshop, and Brackets.
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft Exchange, Win32k, Windows Media Foundations, and OpenType. Adobe’s Patch Tuesday was on time this month, and covers 11 vulns spread across Animate, Illustrator, Media Encoder, and Bridge.
There are reports that the CVE-2019-1402 patches are causing issues with all supported versions of Microsoft Access. Microsoft has posted a document on the issue with upcoming fix dates and workarounds.
October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
This month’s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.
August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities
This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.
This month’s Microsoft Patch Tuesday addresses 77 vulnerabilities with 15 of them labeled as Critical. Of the 15 Critical vulns, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server. In addition, Microsoft has released Important patches for two actively exploited privilege escalation vulnerabilities, as well as a SQL Server RCE. Microsoft also issued two advisories for Outlook on the web and Linux Kernel vulnerabilities. Adobe issued patches today for Bridge CC, Experience Manager, and Dreamweaver.
This month’s Microsoft Patch Tuesday addresses 88 vulnerabilities with 21 of them labeled as Critical. Of the 21 Critical vulns, 17 are for scripting engines and browsers, and 3 are potential hypervisor escapes in Hyper-V. The remaining vulnerability is an RCE in the Microsoft Speech API. Microsoft also issued guidance on Bluetooth Low Energy FIDO keys, HoloLens, and Microsoft Exchange. Adobe issues patches today for Flash, ColdFusion, and Campaign.
This month’s Microsoft Patch Tuesday included a very high-risk vulnerability (CVE-2019-0708, aka BlueKeep) in Remote Desktop that impacts Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2. This vulnerability allows an unauthenticated attacker (or malware) to execute code on the vulnerable system. It is very likely that PoC code will be published soon, and this may result in a WannaCry-style attack.
UPDATE: Network Level Authentication (NLA) partially mitigates this vulnerability. QID 90788 (Microsoft Windows Network Level Authentication Disabled) can be used to find hosts that have NLA disabled. This forces the attacker to have valid credentials in order to perform RCE.
UPDATE: A new remote (unauthenticated) check was released under QID 91541. See below for details.
This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.
UPDATE May 15: Microsoft has also issued Remote Desktop patches for Windows XP and Server 2003.
This month’s Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE) vulnerabilities are patched in GDI+ and IOleCvt. Two privilege escalation vulns in Win32k are reported as Actively Attacked, while another in the Windows AppX Deployment Service has a public PoC exploit.