< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 39 of 104

Microsoft March Patch Tuesday: 84 Flaws, 2 Zero-Days

🔒Microsoft released its March Patch Tuesday updates addressing 84 security vulnerabilities, including two publicly disclosed zero-days. Of the fixes, eight are rated Critical and 76 Important, spanning privilege escalation, remote code execution, information disclosure and other classes. The highest-scoring issue is CVE-2026-21536 (CVSS 9.8) in the Microsoft Devices Pricing Program, which Microsoft says is fully mitigated. Administrators should review MSRC advisories and apply updates based on risk and exposure.
read more →

Microsoft Patch Tuesday — March 2026 Security Fixes

🔒 Microsoft released fixes for at least 77 vulnerabilities across Windows and related products in its March 2026 Patch Tuesday. Two issues were previously disclosed publicly, including a SQL Server privilege elevation (CVE-2026-21262) that can allow network-based escalation to sysadmin. Several critical remote code execution bugs in Microsoft Office and other components, plus a notable AI-discovered 9.8-rated RCE (CVE-2026-21536), merit prioritized attention. Administrators should review privilege escalation and RCE patches first and monitor for any post-update issues.
read more →

March Patch Tuesday: High-Severity Microsoft Office Flaws

🛡️ Microsoft’s March Patch Tuesday addresses 78 vulnerabilities, led by three high-severity flaws in Microsoft Office, including an Excel information-disclosure bug (CVE-2026-26144) and two remote-code-execution issues (CVE-2026-26113, CVE-2026-26110). While Microsoft reports no known zero-day exploitation, experts urge expedited patching, restricting outbound Office traffic, and limiting AI automation such as Copilot Agent to mitigate potential silent exfiltration and preview-pane attack vectors.
read more →

Microsoft March 2026 Patch Tuesday: 79 Vulnerabilities

🔒 Microsoft issued its March 2026 Patch Tuesday addressing 79 vulnerabilities, three of which were marked critical though assessed as less likely to be exploited. The critical issues include Office remote code execution bugs (CVE-2026-26110, CVE-2026-26113) and an Excel information-disclosure flaw (CVE-2026-26144). Important fixes affect SharePoint, SQL Server and multiple Windows components. Cisco Talos published Snort and firewall rules to detect exploitation attempts and urges customers to apply patches and rule updates promptly.
read more →

Zombie ZIP evasion technique bypasses AV and EDR protections

🧟 A new 'Zombie ZIP' technique hides malware by declaring compressed entries as uncompressed, causing many AV and EDR engines to misinterpret DEFLATE data as raw bytes and miss signatures. Researcher Chris Aziz reported it bypassed 50 of 51 VirusTotal engines and published a PoC with sample archives. CERT/CC assigned CVE-2026-0866 and advises vendors to validate compression method fields and implement integrity checks.
read more →

Microsoft Releases Windows 10 KB5078885 Security Update

🔒 Microsoft has released the Windows 10 KB5078885 extended security update for Enterprise LTSC and ESU devices. Install via Settings → Windows Update to move systems to build 19045.7058 (or 19044.7058 for LTSC 2021); the update consolidates March 2026 Patch Tuesday fixes that address 79 vulnerabilities, including two actively exploited zero-days. It also fixes a shutdown/hibernation bug and advances a controlled rollout of new Secure Boot certificates to maintain boot-time validation.
read more →

Microsoft March 2026 Patch Tuesday: 79 Flaws, 2 Zero-Days

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.
read more →

Windows 11 KB5079473 and KB5078883 Updates Released

🛡️ Microsoft released cumulative updates KB5079473 and KB5078883 for Windows 11 (25H2/24H2 and 23H2) delivering the March 2026 Patch Tuesday security fixes, bug repairs, and new features. These mandatory updates can be installed via Start > Settings > Windows Update or downloaded from the Microsoft Update Catalog, and will increment build numbers for each channel. Highlights include expanded Secure Boot certificate targeting, a native Sysmon option, Emoji 16.0 additions, Quick Machine Recovery, and multiple reliability and UX improvements.
read more →

HPE warns of critical AOS-CX flaw allowing admin resets

🔒 HPE has released patches for multiple vulnerabilities in the AOS-CX network OS, including a critical authentication bypass (CVE-2026-23813) that can allow unauthenticated actors to reset administrator passwords via the web management interface. The company reports no known public exploits at publication. Until updates are applied, HPE recommends isolating management interfaces, enforcing ACLs, disabling unnecessary HTTP(S) on SVIs and routed ports, and increasing logging and monitoring.
read more →

Nine LeakyLooker Cross-Tenant Flaws in Google Looker Studio

🔒 Cybersecurity researchers disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have allowed attackers to execute arbitrary SQL and exfiltrate data across Google Cloud projects. Tenable has labeled the set of flaws LeakyLooker; there is no evidence of active exploitation and Google patched the issues after responsible disclosure in June 2025. Affected connectors include BigQuery, Spanner, Google Sheets, PostgreSQL, MySQL and many JDBC-based sources, and several bugs could retain stored credentials or enable one-click data exfiltration via crafted reports.
read more →

Apeman ID71 Camera Vulnerabilities Allow Remote Control

🔒Apeman ID71 cameras contain multiple remote-exploitable vulnerabilities, including CVE-2025-11126, CVE-2025-11851, and CVE-2025-11852. One issue, CVE-2025-11126, carries a CVSS v3.1 base score of 9.8 and involves insufficiently protected credentials. Proof-of-concept exploits for all three have been publicly disclosed and the vendor did not respond to coordination; CISA recommends isolating devices and minimizing network exposure.
read more →

Unauthenticated File-Upload Flaw in Ceragon Siklu Devices

⚠️ A vulnerability in Ceragon / Siklu EtherHaul and MultiHaul microwave antennas allows unauthenticated uploads to any writable path via the rfpiped service on TCP port 555. File metadata uses weak encryption while file contents are transmitted in cleartext, and no authentication or path validation is performed. The issue is tracked as CVE-2025-57176 with a CVSS v3.1 base score of 5.3. Vendor firmware updates are available and should be applied promptly.
read more →

Honeywell IQ4x BMS Controller Critical Authentication Flaw

⚠️CISA warns that Honeywell IQ4x Building Management System controllers expose a factory-default web HMI without authentication (tracked as CVE-2026-3611). An unauthenticated actor able to reach the HTTP interface can create administrative accounts via the U.htm function, gain full read/write control, and potentially lock out legitimate operators. Honeywell has not issued a patch; apply network mitigations immediately.
read more →

Lantronix EDS3000PS and EDS5000 Critical Vulnerabilities

⚠️ Lantronix EDS3000PS and EDS5000 devices contain multiple critical vulnerabilities, including OS command injection and authentication bypass, some exploitable without authentication, that can result in root-level code execution. Affected firmware versions include EDS3000PS 3.1.0.0R2 and EDS5000 2.1.0.0R3, with several CVEs rated CVSS 9.8. Lantronix has published firmware updates to 3.2.0.0R2 and 2.2.0.0R1. Operators should apply updates, restrict network exposure, and follow CISA mitigation guidance.
read more →

CISA: Actively exploited Ivanti EPM flaw patched quickly

🔴 CISA has added a recently patched Ivanti Endpoint Manager vulnerability (CVE-2026-1603) to its Known Exploited Vulnerabilities catalog and ordered federal agencies to remediate within three weeks. The flaw allows unauthenticated remote actors to bypass authentication and exfiltrate credentials via low-complexity cross-site scripting. Ivanti released EPM 2024 SU5 last month, which also addressed an SQL injection issue, and says it has no confirmed reports of exploitation while Shadowserver still tracks over 700 Internet-facing instances.
read more →

Microsoft to Enable Hotpatch Security Updates by Default

🔔 Starting with the May 2026 Windows security update, Microsoft will enable hotpatch security updates by default for all eligible devices managed via Microsoft Intune and the Microsoft Graph API. The updates will be delivered through Windows Autopatch and are intended to halve the time to reach 90% patch compliance by applying fixes without requiring immediate restarts. Organizations can opt out at the tenant level through Intune controls that go live April 1, 2026, and administrators should use the Hotpatch quality updates report to confirm device readiness.
read more →

CISA Flags SolarWinds, Ivanti, and Workspace One Flaws

⚠️ CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog on Mar 10, 2026, citing evidence of active exploitation in SolarWinds Web Help Desk, Ivanti Endpoint Manager, and Omnissa Workspace One UEM. Federal civilian agencies were ordered to apply the SolarWinds fix by March 12 and remediate the other two flaws by March 23. The issues include a critical deserialization bug (CVE-2025-26399), an authentication bypass (CVE-2026-1603), and an SSRF (CVE-2021-22054) tied to ongoing threat activity.
read more →

March 2026 Patch Tuesday: 82 CVEs, 8 Critical Vulns

🔒 Microsoft’s March 2026 Patch Tuesday addresses 82 vulnerabilities, including eight Critical issues and two publicly disclosed flaws affecting Windows, Azure and Office. Notable high-severity items include a CVSS 9.8 RCE in the Microsoft Devices Pricing Program and several elevation-of-privilege and RCE flaws in Office, Excel and Azure Confidential Containers; some cloud-hosted issues were remediated server-side with no customer action required. CrowdStrike recommends prioritizing available fixes, applying mitigations where patches are absent, and using the Falcon Patch Tuesday dashboard to triage and track remediation.
read more →

Pingora HTTP/1.x Request Smuggling Fixes - 0.8.0 Patch

🔒 Cloudflare disclosed multiple HTTP/1.x request smuggling vulnerabilities in the open-source Pingora framework (CVE-2026-2833, CVE-2026-2835, CVE-2026-2836) that can desynchronize proxy and backend request framing when Pingora is used as an ingress proxy. The issues — reported by Rajat Raghav via Cloudflare’s bug bounty — allow bypass of proxy-layer checks, cross-user hijacking, or cache poisoning in exposed standalone deployments. Cloudflare confirmed its CDN and customer traffic were not affected and released fixes and hardening in Pingora 0.8.0. If you run Pingora as a proxy, upgrade to 0.8.0 as soon as possible.
read more →

CISA Adds Three Vulnerabilities to KEV Catalog, March 2026

⚠️ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2021-22054 (Omnissa Workspace ONE SSRF), CVE-2025-26399 (SolarWinds Web Help Desk insecure deserialization), and CVE-2026-1603 (Ivanti Endpoint Manager authentication bypass). BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate listed KEV entries by the specified deadlines. CISA strongly urges all organizations to prioritize timely patching and mitigation to reduce exposure to active exploitation.
read more →