Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They […]

Continue Reading

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.” Three of the critical entries are remote code execution (RCE) vulnerabilities for Windows Point-to-Point Tunneling Protocol (PPTP). CVE-2022-41039 CVE-2022-41044 CVE-2022-41088 An unauthenticated attacker can send a specially crafted request […]

Continue Reading

November 2022 Patch Tuesday forecast: Wrapping up loose ends?

October 2022 Patch Tuesday was a little unusual last month, as it ‘kind of’ repeated itself the following week. Microsoft turned around and released a series of non-security updates that fixed some discovered connections issues – forcing many to conduct another unplanned patch cycle. They also left several zero-day vulnerabilities unresolved keeping us wondering when […]

Continue Reading

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol. October’s security update features 11 critical vulnerabilities, with the remainder being “important.” One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue […]

Continue Reading