< ciso
brief />
Tag Banner

All news with #patch management tag

105 articles

Why clearinghouses aren’t the core solution

🛠️ Athena joins a crowded set of recently announced clearinghouses, but the author argues the clearinghouse itself is the least important part of the equation. Clearinghouses are simply pools of vulnerability data; the real value is in actuation — rebuilding, testing, signing, and delivering fixes where users will actually consume them. The rise of private pre-disclosure findings is a byproduct of models tested against running applications, and scale plus fast throughput matters more than the mere existence of another database.
read more →

SMB Cyber Readiness: Prioritize the Fundamentals

🔒 AI is reshaping attacker toolkits, but familiar failures—phishing, unpatched vulnerabilities, poor monitoring and weak passwords—remain the primary causes of incidents for SMBs. ESET telemetry and research show AI mainly amplifies these risks rather than replacing them with pervasive, real-time AI malware. Practical mitigations like patch management, identity protection, MFA, password managers and MDR services remain the most effective ways to improve readiness and resilience.
read more →

SageMaker HyperPod adds AMI versioning and auto-patch

🛠️ Amazon SageMaker HyperPod now reports AMI versions across clusters and can automatically apply backward-compatible security patches without disrupting workloads. Administrators can view AMI semantic versions (major.minor.patch), detect drift, and roll back to prior versions — preserving NVIDIA drivers, CUDA, and other bundled software — via the UpdateClusterSoftware API. Auto-patching is opt-in per instance group, applies only when nodes are idle, and avoids major/minor upgrades; it can be enabled through CreateCluster or UpdateCluster APIs. A new AMI support policy defines patch support timelines; both features are available for EKS-orchestrated HyperPod clusters in supported Regions.
read more →

Microsoft extends Windows Server 2022 hotpatching until 2027

🛠️ Microsoft has extended hotpatching for Windows Server 2022 Datacenter: Azure Edition through October 2027, one year beyond the mainstream end date of October 2026. This extension is effective immediately and applies only to systems enrolled in Hotpatch updates, preserving the existing monthly hotpatch cadence. Hotpatching applies security fixes to in-memory code of running processes to avoid restarts, though updates from the regular channel still require reboots. The change helps maintain uptime and reduce servicing disruptions while non-hotpatch updates, such as non-security and .NET patches, still need restarts.
read more →

Weekly Cyber Recap: Kernel Flaws and AI Risks

🛡️ This week’s recap highlights how seemingly small mistakes — missed patches, old access paths, or unprivileged namespaces — can yield significant compromises. New findings include the DirtyClone Linux kernel flaw allowing local privilege escalation, active exploitation of a critical PTC Windchill vulnerability, and novel macOS malware designed to deceive AI analysis tools. The briefing also covers disruptive takedowns, trending CVEs, and emerging AI-model risks.
read more →

Microsoft extends free Windows 10 ESU to 2027

📰 Microsoft quietly extended free Windows 10 Extended Security Updates (ESU) for consumer devices by one year, now covering devices through October 12, 2027. The change appeared in documentation updates and an editor's note on the Windows Experience Blog dated June 25, 2026. Enrolled users will remain covered automatically, and the consumer ESU remains unavailable for domain-joined or MDM-managed systems. The extension aims to give consumers more time to upgrade to Windows 11 or newer devices.
read more →

OpenAI expands Daybreak with GPT-5.5-Cyber release

🔒 OpenAI has expanded its Daybreak cyber-defense program, advancing patch automation with the full release of GPT-5.5-Cyber, updates to Codex Security, and a new open-source patching initiative. Access to the model is limited to verified defenders and paired with enhanced monitoring. OpenAI reports improved vulnerability reproduction and exploit-writing scores, while emphasizing human oversight and partnerships with vendors and governments.
read more →

AWS extends RDS MySQL 5.7 support to 2029

🔔 Amazon Aurora MySQL-Compatible Edition and Amazon RDS for MySQL now offer RDS Extended Support for MySQL 5.7 through June 30, 2029, extending the previous end date of February 28, 2027. This extension covers Aurora MySQL version 2 (MySQL 5.7 compatibility) and RDS for MySQL 5.7, providing critical security patches, high-severity CVE fixes, operational bug patches, and AWS Support under existing SLAs. There is no price increase; customers remain on Year 3 pricing through June 30, 2029. AWS recommends upgrading to MySQL 8.0 or 8.4-compatible versions and provides upgrade paths including Blue/Green Deployments, in-place upgrades, or snapshot restore.
read more →

AWS launches Continuum for automated vulnerability lifecycle

🔒 Today, AWS announces AWS Continuum, which discovers, prioritizes, validates, and remediates security risks at machine speed within guardrails you define. It ingests findings from existing tools and its own scans, builds an environment-aware context graph to prioritize issues, validates exploitability with reproducible proofs in isolated sandboxes, and applies fast, reversible mitigations followed by durable fixes. Continuum integrates with services like Amazon GuardDuty and AWS Security Hub, and previews include Continuum penetration testing, code scanning, and automated threat modeling in STRIDE format.
read more →

NCSC Warning: Prepare for an Unprecedented Patch Wave

🔔 The NCSC warns organisations to brace for a large-scale “patch wave” as AI accelerates exploitation of technical debt. Check Point outlines how Exposure Management helps public sector and CNI teams identify internet-facing assets, prioritise exploitable vulnerabilities, and remediate safely. The guidance emphasises discovery, exploitability-based prioritisation, and compensating controls to reduce MTTR.
read more →

CISA Adds One Vulnerability to KEV Catalog

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirmed active exploitation. The agency emphasizes that such flaws are common attack vectors posing significant risk to the federal enterprise and urges rapid remediation. Binding Operational Directive 26-04 requires FCEB agencies to prioritize fixes for KEV-listed CVEs on internet-exposed assets and to check for compromise prior to patching. CISA encourages all organizations to adopt risk-based vulnerability management and submit potential KEV candidates via the KEV Nomination Form.
read more →

Microsoft fixes WUSA update failures in June patch

🔧 Microsoft fixed a known issue causing Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. The bug affected enterprise Windows 11 24H2/25H2 and Windows Server 2025 devices when multiple .msu files were present on a network share, producing ERROR_BAD_PATHNAME. Microsoft mitigated the issue for home and non-managed business devices in September 2025 and delivered a full fix in the June 2026 cumulative updates (KB5079391, KB5094125).
read more →

CISA Directive Replaces Deadline Patching With Risk

🔒 CISA has issued Binding Operational Directive 26-04 requiring US federal agencies to shift from rigid, deadline-driven patching to a risk-based remediation model that prioritizes actively exploited threats. The directive ties remediation windows to risk — including a three-day forensic and patching requirement for the most critical flaws — and consolidates previous mandates into a single framework. It replaces CVSS-based prioritization with a four-factor risk assessment and gives agencies 180 days to meet the new timelines.
read more →

CISA mandates rapid remediation of critical federal flaws

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 26-04 to require Federal Civilian Executive Branch agencies to prioritize and accelerate patching of high-risk vulnerabilities. The directive sets remediation timelines based on asset exposure, presence in CISA's Known Exploited Vulnerabilities (KEV) catalog, exploit automation risk, and potential for system control, with the shortest deadline as three days. It supersedes previous BODs and applies to on-premises, third-party hosted, and cloud environments, excluding certain military, intelligence, and contractor systems.
read more →

CISA Directive Pushes Risk-Based, Contextual Patching

🔒 CISA issued Binding Operational Directive 26-04 to prioritize vulnerabilities by contextual risk rather than CVSS alone. The directive uses four factors — internet exposure, KEV listing, exploit automation, and post-exploitation impact — to set dynamic remediation timelines, including a three-day requirement for the highest-risk cases. The guidance aims to help agencies focus scarce resources on flaws most likely to be exploited amid faster discovery driven by AI.
read more →

DSIT Rethinks Remediation to Simplify Vulnerability Fixes

🔍 The UK's DSIT manages security for over half a million government domains and is streamlining how vulnerabilities are communicated and fixed. Nick Woodcraft explained at Infosecurity Europe 2026 that DSIT focuses on clear, outcome-oriented guidance so non-experts can prioritise remediations. The department uses SIEM integration and NCSC channels to distribute trusted data and avoids overwhelming organisations by staging issue disclosures. Emphasis remains on basics like patching to mitigate faster-emerging threats.
read more →

Microsoft attributes unexpected driver updates to caching error

🔧 Microsoft acknowledged and fixed an issue where a Windows Update caching misconfiguration caused some devices to install driver updates despite policies preventing auto-updates. The company said the caching service temporarily dropped device enrollment information, causing driver-approval controls to be bypassed. Microsoft updated the service cache and enrollment status, confirmed remediation, and is investigating root causes to prevent recurrence.
read more →

AI-Driven Exploitability Forces Faster Patching

🔒 As AI models like GPT5.5 and Claude Mythos accelerate exploit discovery, organisations face shrinking windows to patch vulnerabilities. Industry experts at Infosecurity Europe warn mean time to exploit has fallen from days to hours, prompting regulatory responses such as India’s 12-hour patch expectation. Analysts contrast vendor-centric EU rules with market-driven US approaches and recommend exploit-intelligence led patching, automation, segmentation and stronger producer SLAs.
read more →

Less Panic Patching, More Precision in Remediation

🔍 This edition of Threat Source argues for smarter patch prioritization, pairing CVSS severity with EPSS likelihood to focus scarce operations on vulnerabilities being actively exploited. It contrasts centralized KEV visibility with emerging decentralized GCVE enrichment and highlights Cisco Talos' new open-source EvidenceForge for generating realistic synthetic logs to train defenders. The newsletter also summarizes recent incidents, vulnerability research, and tooling updates.
read more →

CERT-In urges tighter remediation timelines amid AI risks

🔒 India’s cybersecurity agency, CERT-In, has issued a framework urging organizations to patch, mitigate, or isolate known exploited internet-facing “crown jewel” systems within 12 hours where feasible, citing AI-assisted attacks that compress exploitation timelines. The 38-page blueprint prescribes tiered remediation windows—one day for externally exposed critical flaws, three days for critical internal issues, and five days for high-severity vulnerabilities—while emphasizing temporary mitigations and continuous exposure management over periodic assessments.
read more →