patch Tuesday | Breaking Cybersecurity News | The Hacker News

October is turning out to be a busy month for patches. This month also marks the 10-year anniversary of the Patch Tuesday program, which Microsoft started in October of 2003. Scheduled for tomorrow, Microsoft has announced that they will release eight security updates including four critical, addressing vulnerabilities in Microsoft Windows, Internet Explorer (IE), Microsoft Office and its other products. Bulletin 1 is almost certainly to a zero-day vulnerability   CVE-2013-3893   that has been actively exploited by hackers in targeted attacks.  Though Microsoft issued a temporary " Fix it " in September for the vulnerability, Bulletins 2, 3 and 4 address vulnerabilities in a wide range of Microsoft products, including Windows XP, 7 and 8, and Windows Server 2003, 2008 and 2012. Bulletins 5, 6 and 7 address vulnerabilities that could allow for remote code execution .  Bulletin 8 addresses an information disclosure vulnerability in SIlverlight and is the le

This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Software, Microsoft Windows, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. The four critical bulletins affect Sharepoint, Outlook, Internet Explorer and XP and Windows 2003. Bulletien second will address a Remote Code Execution flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the e-mail. The problem for users is that Outlook automatically displays the content of each email it previews. The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege escalati

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate

Yeah, it's Patch Tuesday once again. Almost 10 years ago in October, 2003 - Microsoft  invented the process of regularly scheduled security updates on every second Tuesday of the Month, as  Patch Tuesday. Today, the Microsoft Security team will i ssue eight security updates in total, out of that -- three of which are designated as " critical ," and rest five as " Important " updates, that patches vulnerabilities in Microsoft Windows, Microsoft Server Software, and Internet Explorer. The eight bulletins that Microsoft is releasing fixes a total of 23 different vulnerabilities in Microsoft products. Microsoft will be rolling out a total of three Critical patches dealing with Remote Code Execution. Windows 8 is expected to get four of the updates, one of them is critical and dealing with Remote Code Execution with Internet Explorer 10, while the other three updates are Important and deal with Elevation of Privilege and Denial of Service . Windows RT i

Microsoft has announced   Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities . Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will apply to all versions of Internet Explorer from IE6 on Windows XP to IE10 on Windows 8 . Often targeted by attackers to perform drive-by malware download attacks, remote code execution flaws allow an attacker to crash an application and launch malware payloads often without any sort of notification or interaction form the user. The Windows 8 maker is also patching a kernel vulnerability disclosed at the beginning of June by Google researcher Tavis Ormandy . The issue is to do with Windows kernel's EPATHOBJ::pprFlattenRec function (CVE-2013-3660) and after Ormandy released the exploit code, Metasploit module was developed to exploit the bug. The company is planning to release the updat

This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two critical  zero-day flaws relating to Internet Explorer recently discovered that has been used to attack several high-profile targets. Internet Explorer 6, 7, 8, 9 and 10 are the recipients of a patch that can prevent an exploit that enables remote code execution in the browser. This affects all Windows operating systems except XP. The vulnerability ( CVE-​​2013-​​1347 ) had previously been addressed in a workaround yesterday , but given the way it was being exploited with attacks reported on the US Department of Labor and European aerospace and nuclear researchers the patch has been prioritised. A second bulletin deals with another IE vulnerability believed to be one disclosed in March at the annual Pwn2Own hacking competition. At least four of the patches require a restart, Microsoft said. The remaining eight patches will address flaws that range from denial-of-servic

Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total and two of them rated critical and that of the remaining 7 as Important. The critical vulnerabilities are remote code execution issues. First vulnerability affects Microsoft Windows and Internet Explorer while the second vulnerability affects Microsoft Windows.  The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations. The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software a

During  March Patch Tuesday of 2013 , Microsoft released seven new security bulletins, with four rated as critical, and others as Important. Most interesting one was MS13-027 , which is rated as "important" because the attack requires physical access to the vulnerable machine. This flaw allows anyone with a USB thumb drive loaded with the payload to bypass security controls and access a vulnerable system even if AutoRun is disabled, and the screen is locked. Flaw exposes your Windows PCs to major risk. If you remember Stuxnet, worm was injected to Iran's nuclear program system using USB thumb drive. Windows typically discovers USB devices when they are inserted or when they change power sources (if they switch from plugged-in power to being powered off of the USB connection itself). To exploit the vulnerability an attacker could add a maliciously formatted USB device to the system. When the Windows USB device drivers enumerate the device, parsing a speciall

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating system. These flaws are considered "critical" and could allow remote code execution on vulnerable systems. Among the various flaws, versions from Windows XP (Service Pack 3) all the way through to Windows 8 are affected, including versions of the Office suite, and versions of Windows Server. Released only in September, Windows Server 2012 requires patching to maintain maximum security. If you've enabled automatic updates, the patches will automatically install on Tuesday. As usual, the specific details about what is being fixed in these updates won't be revealed until the patches themselves are available for download in order to not give hacker groups an advance