
All news with #patch management tag

81 articles

Why AI Security Strategies Fail at the OT Edge

🔧 Industrial AI initiatives collide with legacy OT realities: an AI-ready control room can still depend on an unpatched Windows 7 maintenance laptop that alone communicates with protection relays. The author reports pervasive visibility gaps across utilities and plants, noting fewer than 10% of OT networks have meaningful monitoring. AI trained on IT telemetry misclassifies normal industrial traffic and automated responses risk shutting down production; passive monitoring of Level 0–2 protocols and a focus on crown-jewel processes are essential before layering AI.

Verizon DBIR: Exploitation Replaces Credential Abuse

🔍 Verizon's latest DBIR reports that vulnerability exploitation has become the top initial access vector, accounting for 31% of breaches compared with 13% for credential abuse. The study links this shift to slower patching—only 26% of CISA KEV critical flaws were fully remediated—and a larger backlog of critical vulnerabilities. It also warns that threat actors may be using AI to scale discovery and exploitation, and highlights rising supply-chain incidents, increased shadow AI adoption, and persistent human-factor risks.

EU Cyber Resilience Act: Product Safety and Deadlines

🛡️ The EU Cyber Resilience Act (CRA) shifts focus from development practices to product safety, extending CE-like obligations to software, firmware, backend services and connected devices. It mandates SBOMs, minimum support lifecycles, and rapid reporting: organizations must have vulnerability and incident processes in place by Sept 11 and report exploited flaws within 24 hours, with full reports in three days. Many vendors and CIOs remain unprepared, particularly around automated SBOMs, open source obligations, and the wider conformity assessments the law introduces.

Preparing for an Imminent Surge in Software Patching

🔧 Cisco Talos argues that rapid advances in AI-driven code analysis will soon expose decades of latent software defects, triggering a likely surge in vulnerability disclosures and urgent patches. While AI can augment human reviewers by scanning code at scale, threat actors will also use these tools to find exploits. Organizations should reassess patch prioritization, scale deployment processes, and plan for systems that cannot be quickly patched. Talos recommends zero trust, centralized logging, PowerShell script block logging, and updated incident response playbooks.

Microsoft Fixes Windows Autopatch Bug Deploying Drivers

🔧 Microsoft has applied a service-side fix for a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some EU-managed Windows devices. The issue affected a limited set of client platforms, including Windows 11 25H2, 24H2, and 23H2. Impacted systems experienced unexpected reboots and, in some cases, system failures depending on the installed drivers. Microsoft says no client-side action is required.

May 2026 Patch Tuesday: Major Vendor Fix Waves and AI

🔒 Microsoft’s May Patch Tuesday updates address at least 118 security flaws across Windows and other products, including 16 rated critical. This release is notable as the first Patch Tuesday in nearly two years without fixes for known exploited zero-days or previously disclosed vulnerabilities. Other major vendors — Apple, Google, Mozilla and Oracle — have accelerated patch cadences after collaborative AI evaluations. Administrators are advised to apply updates promptly and back up data before upgrading.

Patching SLAs Should Be the Minimum, Not the Strategy

🔒 The author warns that relying on patching SLAs creates a misleading dashboard: SLAs show ticketing discipline, not true exposure. Easy, agent-patchable items keep scores green while legacy systems and architectural flaws remain in exception queues. Drawing on experience as a CISO and industry reports, the piece promotes cyber risk quantification to express exposures in dollars. It recommends treating SLAs as a floor, tightening exception hygiene, and funding remediation.

Linux kernel kill switch proposal divides security experts

🛡️ A proposal from Linux kernel co-maintainer Sasha Levin would add a configurable kill switch allowing privileged operators to disable specific kernel functions as an emergency mitigation until a patch can be built and deployed. Levin and colleagues provided a suggested implementation and argue it reduces exposure when fleets cannot be rebooted immediately. The suggestion has split experts and admins, with some warning of operational risk and others, including Red Hat, supporting non-disruptive mitigations.

Refresh Timing Risks: CVE Exposure in Aging Servers

🔍 A healthcare customer bought servers in 2017 and, due to COVID-era lifecycle extensions and current supply-chain bottlenecks, now faces expiring vendor support and long lead times that prevent timely hardware refresh. The article recommends building a complete inventory using scanners (Nessus, Qualys, Rapid7, Greenbone/OpenVAS), network discovery (Nmap) and device fingerprinting (runZero), then mapping assets to NVD and CISA Known Exploited Vulnerabilities (KEV). Use a weighted risk formula to prioritize remediation and sort systems into immediate, managed, and monitored tiers. Document risk acceptance, deploy compensating controls where needed, and consider continuous monitoring with Wazuh.

Amazon RDS for MySQL Adds Minor Versions 8.0.46 and 8.4.9

🔔 Amazon RDS for MySQL now supports MySQL minor versions 8.0.46 and 8.4.9, aligning with the latest community releases. AWS recommends upgrading to address known security vulnerabilities and to benefit from bug fixes, performance improvements, and new features. You can use automatic minor version upgrades or Amazon RDS Managed Blue/Green deployments to apply updates during scheduled maintenance for safer rollouts.

CISA Considers Cutting Critical Patch Window to 72 Hours

⚠️ CISA is reportedly weighing a proposal to shorten the remediation window for critical government vulnerabilities from the current 14 days to just 72 hours. The Reuters-sourced report ties the consideration to concerns that AI tools such as Anthropic’s Claude Mythos could accelerate the discovery and weaponization of serious flaws, though CISA has not confirmed the discussion. Security practitioners warn the tighter window would strain testing, asset discovery, and patch deployment; others say it could be attainable with modern automation and processes.

Oracle moves to monthly security patches to counter AI

🔔 Oracle will issue monthly Critical Security Patch Updates (CSPUs) for its ERP, database and other software, shifting from a quarterly cadence to address faster AI-driven vulnerability discovery. The first monthly CSPU will arrive May 28, then releases will follow on the third Tuesday of each month (June 16, July 21, August 18). Oracle will still publish a cumulative quarterly Critical Patch Update and will auto-apply fixes for customers in Oracle-managed cloud environments. The change primarily affects customers running Oracle software on premises or in third-party hosting.

NCSC Warns of AI-Driven Patch Wave and Vulnerabilities

🛡️ The NCSC has warned UK organisations to prepare for a coming "patch wave" as vendors adopt powerful AI tools to discover and fix software vulnerabilities. CTO Ollie Whitehouse urged teams to prioritise external attack surfaces, enable automatic updates and hot patching where safe, and follow the NCSC's Vulnerability Management guidance. He cautioned that patching alone isn't enough for unsupported legacy systems and recommended replacing or restoring out-of-support technologies. The alert also notes potential US moves by CISA to shorten patch deadlines and industry concerns about operational readiness.

Microsoft: April updates block vulnerable psmounterex.sys

🔒 Microsoft confirms the April 2026 security updates are blocking the kernel driver psmounterex.sys, causing mounting failures and VSS snapshot timeouts in third-party backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server and NinjaOne Backup on Windows 10, Windows 11 and Windows Server. The update adds the driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896. Microsoft advises installing updated application versions that include drivers with required protections and checking the Code Integrity log for Event ID 3077 rather than uninstalling or pausing the security updates.

CISA Adds Linux Kernel CVE to Exploited Vulnerabilities

⚠️ CISA added CVE-2026-31431 (Linux Kernel Incorrect Resource Transfer Between Spheres) to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by required due dates; CISA notes this vulnerability type is a frequent attack vector and poses significant risk to the federal enterprise. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and says it will continue updating the KEV Catalog as new exploitation evidence emerges.

CISA Adds Two Known-Exploited Vulnerabilities to KEV Catalog

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries are CVE-2024-1708, a path traversal flaw in ConnectWise ScreenConnect, and CVE-2026-32202, a protection mechanism failure in Microsoft Windows. Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate KEV-listed flaws by specified due dates, and CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.

Project Glasswing Exposes AI-Driven Vulnerability Gap

⚠️ Anthropic’s Project Glasswing, powered by the Mythos preview model, discovered pervasive, long-lived vulnerabilities across major operating systems and browsers — including chained exploit sequences, race-condition privilege escalations, and distributed ROP chains — and Anthropic paused a public release to give major vendors time to patch. Despite that cooperation, fewer than 1% of findings were patched, exposing a systemic remediation bottleneck. The author argues defenders must shift from scheduled, CVSS-driven processes to signal-driven validation, environment-specific context, and closed-loop remediation to act at machine speed against autonomous, AI-enabled attackers.

Over 1,300 Microsoft SharePoint Servers Remain Unpatched

🚨 Over 1,300 Internet-exposed Microsoft SharePoint servers remain unpatched against CVE-2026-32201, a spoofing vulnerability Microsoft fixed in its April 2026 Patch Tuesday. The flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition and was flagged as a zero-day exploited in the wild. Fewer than 200 systems have been patched since the update; organizations should apply Microsoft's fixes or recommended mitigations immediately.

Thousands of ActiveMQ Instances Unpatched After AI-Found Flaw

🔒 Two weeks after the April 7 disclosure of a remote code injection flaw (CVE-2026-34197) in Apache ActiveMQ, ShadowServer reports nearly 6,500 internet-facing instances remain unpatched. The vulnerability affects versions before 5.19.4 and 6.2.3 and can let an authenticated attacker load remote Spring XML to achieve code execution. CISA added the bug to its KEV list and organizations are urged to upgrade immediately.

CISA Adds Eight Exploited Flaws to KEV Catalog, Fixes Needed

⚠️ CISA added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and highlighting three flaws in Cisco Catalyst SD-WAN Manager. The list includes high-impact issues such as CVE-2025-32975 (Quest KACE SMA, CVSS 10.0) and authentication, path traversal, and XSS flaws in PaperCut, TeamCity, Kentico, and Zimbra. CISA noted prior ties of CVE-2023-27351 to Lace Tempest and recent Arctic Wolf telemetry on KACE abuse; Cisco confirmed active exploitation of two SD-WAN flaws in March 2026. Federal civilian agencies are urged to remediate the three Cisco vulnerabilities by April 23, 2026, and the remaining flaws by May 4, 2026.