#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Download Windows Update | Breaking Cybersecurity News | The Hacker News

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Mar 11, 2020
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio — that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity. However, unlike last month , none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release. It's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents. Titled "LNK Remote Code Execution Vulnerability" ( CVE-2020

Update Microsoft Windows Systems to Patch 99 New Security Flaws

Update Microsoft Windows Systems to Patch 99 New Security Flaws
Feb 11, 2020
A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities. According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the remaining 87 have been listed as important. Five of the bugs are listed as publicly known at the time of release, four of which are important in severity and one critical ( CVE-2020-0674 ) that is also listed as under active attack. Microsoft warned about this zero-day vulnerability in Internet Explorer (IE) browser last month when it released an advisory without releasing a patch for millions of its affected users. As explained previously, this flaw could allow a remote attacker to execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulner

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
Jan 14, 2020
After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States. What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the  Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017. CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability According to an advisory released by Microsoft, the flaw, dubbed ' NSACrypt ' and tracked as CVE-20

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
Dec 11, 2019
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 moderate, and one is low in severity—brief information on which you can find later in this article. Tracked as CVE-2019-1458 and rated as Important, the newly patched zero-day Win32k privilege escalation vulnerability, reported by Kaspersky, was used in Operation WizardOpium attacks to gain higher privileges on targeted systems by escaping the Chrome sandbox. Although Google addressed the flaw in Chrome 78.0.3904.87 with the release of an emergency update last month after Kaspersky disclosed it to the tech giant, hackers are still targeting users who are using vulnerable versions of th

Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues

Microsoft Releases Patches For A Critical 'Wormable Flaw' and 78 Other Issues
May 14, 2019
It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction. Out of 79 vulnerabilities, 18 issues have been rated as critical and rest Important in severity. Two of the vulnerabilities addressed this month by the tech giant are listed as publicly known, of which one is listed as under active attack at the time of release. May 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, Microsoft Office, and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager. Critical Wormable RDP Vulnerability The wormable vulnerability ( CVE-2019-0708 ) resides in Remote Desktop

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates
Mar 15, 2019
Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution  vulnerability in WinRAR , a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn't have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that was patched late last month by the WinRAR team with the release of WinRAR version 5.70 beta 1 impacts all prior versions of WinRAR released over the past 19 years. For those unaware, the vulnerability is "Absolute Path Traversal" bug that resides in the old third-party library UNACEV2.DLL of WinRAR and allows attackers to extract a compressed executable file from the ACE archive to one of the Windows Startup folders, where the malicious file would automatically run on the next reboot. Therefore, to successfully exploit this vulnerability and tak

Windows 10 Now Automatically Uninstalls Updates That Cause Problems

Windows 10 Now Automatically Uninstalls Updates That Cause Problems
Mar 12, 2019
Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to incompatibility or issues in new software. A new document published by Microsoft on Monday, a day before this month's Patch Tuesday, says just like Windows "automatically installs updates to keep your device secure and running at peak efficiency," the OS will now run another automatic process to uninstall problematic updates. From now on, if you receive the following notification on your device, that means your Windows 10 computer has recently been recovered from a startup failure,first sighted by Windows Latest blog . "We removed some recently installed updates

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws
Feb 12, 2019
Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps, ChakraCore, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Dynamics, Team Foundation Server, and Visual Studio Code. Four of the security vulnerabilities patched by the tech giant this month have been reported as being publicly known at the time of release, and one is being actively exploited in the wild. The vulnerability actively being exploited in the wild is rated as important and resides in the way Internet Explorer handles objects in the memory. An attacker can trick victims into landing on a specially crafted website and exploit this vulnerability, identified as CVE-201
Cybersecurity Resources