Patch Tuesday

Security | Apr 09, 2025

Patch Tuesday comes with ransomware exploit and a fat Windows 10 delay

"It’s notable that the exploit first uses the NtQuerySystemInformation API to leak kernel addresses to user mode."

Security | Mar 11, 2025

Patch Tuesday: Windows kernel bug exploited in the wild for two years

Windows Server 16 is affected. Get patching…

Patch Tuesday | Feb 11, 2025

Patch Tuesday: A “wormable” LDAP bug and two EOP zero days fixed

Lighter than last month, mercifully, but still some urgent fixes.

Security | Jan 15, 2025

Three Hyper-V bugs exploited? Patch Tuesday is back with a bang. Take a breath...

"Users will likely revolt..."

Security | Dec 11, 2024

Microsoft reports 1020 CVEs: Adds new CLFS zero day to the mix

"Exploitation leads to SYSTEM privileges, and if this all sounds familiar, it should..."

Security | Nov 13, 2024

Patch Tuesday: Two exploited Microsoft bugs and a CVSS 9.8 "wormable" Kerberos vulnerability

Look out, also, for a decade-old Cisco ASA bug getting popped.

Patch Tuesday | Oct 09, 2024

Microsoft patches a brace of exploited zero days

Redmond pushes fixes for 117 vulnerabilities, three rated critical, five as publicly known , and eight marked as “exploitation more likely.” Beyond Microsoft, there are...

Patch Tuesday | Sep 11, 2024

Patch Tuesday: Microsoft fixes "concerning" RCE that rolls back earlier mitigations

Remote code execution bug is confusingly described as having been exploited in the wild, even though it is not believed to have left Microsoft's lab.

Security | Aug 16, 2024

Should organisations disable IPv6 to protect against "scary" wormable TCP/IP RCE?

Microsoft's confirmed the RCE bug on Patch Tuesday earlier this week (Image: ChatGPT)

CVE-2024-38063 lets unauthenticated attackers carry out remote code execution by "repeatedly sending IPv6 packets".

40