All news with #patch release tag

⚠️Microsoft is investigating reports that some Samsung laptops running Windows 11 lose access to the C:\ drive after installing the February 2026 security updates. Affected users encounter the error 'C:\ is not accessible - Access denied' and cannot launch applications such as Outlook, Office apps, web browsers, and system utilities. Microsoft says it is working with Samsung and that the problem may be related to the Samsung Share application, but no official workaround has been provided.

🔔 Veeam has released updates to address multiple vulnerabilities in Veeam Backup & Replication, including three critical authenticated RCE flaws affecting builds up to 12.3.2.4165. The three RCE issues (CVE-2026-21666, CVE-2026-21667 and CVE-2026-21708) carry CVSS 9.9 scores and can permit authenticated users to execute code on backup servers; two additional high-severity bugs enable file manipulation and local privilege escalation. Veeam fixed the issues in build 12.3.2.4465 and urges organizations to patch immediately, emphasizing that backup infrastructure represents a highly privileged target for attackers.

🔒 Google released security updates for Chrome to address two high-severity zero-day vulnerabilities that have been exploited in the wild. The flaws—CVE-2026-3909 (Skia out-of-bounds write) and CVE-2026-3910 (V8 sandbox code execution)—are rated CVSS 8.8 and were reported on March 10, 2026. Users should update to versions 146.0.7680.75/76 for Windows and macOS or 146.0.7680.75 for Linux and apply vendor patches for other Chromium-based browsers.

🔒 Google released emergency updates to address two Chrome zero-day vulnerabilities exploited in the wild. The first, CVE-2026-3909, is an out-of-bounds write in the Skia rendering library that can cause crashes or enable code execution; the second, CVE-2026-3910, is an inappropriate implementation issue in the V8 JavaScript/WebAssembly engine. Updates for Chrome Stable are rolling on Windows, macOS, and Linux; users should update promptly. If automatic updates are enabled, the patch will install on next launch.

🔒 Veeam has released security updates addressing seven critical vulnerabilities in Veeam Backup & Replication that could enable remote code execution, file manipulation, or privilege escalation if exploited. Affected builds include 12.3.2.4165 and earlier 12.x releases; fixes are available in 12.3.2.4465 and select fixes in 13.0.1.2067. Notable issues include multiple CVEs with CVSS scores up to 9.9 that allow authenticated domain users, Backup Viewers, or Backup Administrators to execute code, alter files, or escalate privileges. Veeam warned attackers may reverse-engineer patches, and customers are urged to update promptly.

🛡️ Veeam has released updates for Veeam Backup & Replication that address multiple vulnerabilities, including four critical remote code execution (RCE) flaws that allow low-privileged users or Backup Viewer accounts to execute code on backup servers. The key issues (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) are fixed in 12.3.2.4465 and 13.0.1.2067. Administrators are urged to upgrade immediately, as ransomware actors have repeatedly targeted VBR to move laterally, steal data, and prevent recovery.

🔒 Apple has released security updates that backport fixes for vulnerabilities exploited by the Coruna exploit kit to older iPhones and iPads that cannot run the latest iOS releases. The patches, issued as iOS/iPadOS 15.8.7 and 16.7.15 builds, remediate kernel and WebKit issues — including CVE-2023-41974, CVE-2024-23222, CVE-2023-43000 and CVE-2023-43010 — to prevent privilege escalation and remote code execution. Affected legacy devices include a range of iPhone 6s through iPhone X models, multiple iPad Air/Pro and mini models, and the 7th‑gen iPod touch.

⚠️ Siemens SIMATIC S7-1500 devices are affected by a high-severity vulnerability (CVE-2025-40943) that allows code injection when a user imports a specially crafted trace file via the device web interface. Siemens has released fixes (notably V4.1.2 and later) for many affected products and is preparing additional updates. Where patches are not yet available, Siemens and CISA advise disabling the web server if unused, restricting access to TCP ports 80/443, and only importing trusted trace files.

⚠️ CISA published an advisory for Trane Tracer SC, Tracer SC+, and Tracer Concierge reporting five vulnerabilities that could lead to information disclosure, arbitrary command execution, or denial-of-service. The issues (CVE-2026-28252 through CVE-2026-28256) include broken cryptography, excessive memory allocation, missing authorization, and hard-coded credentials/constants. Affected builds include Tracer SC < v4.4_SP7 and Tracer SC+/Concierge < v6.3.2310; Trane released Tracer SC+ v6.30.2313 to address these flaws. CISA advises isolating control networks, restricting remote access, applying vendor updates, and following ICS defensive best practices.

⚠️ Siemens reports that SIDIS Prime versions prior to V4.0.800 include multiple vulnerabilities in third‑party components such as OpenSSL, SQLite, and a range of Node.js libraries. The advisory enumerates numerous CVEs covering memory corruption, DoS, XSS, path traversal, prototype pollution, and other weaknesses. Siemens and CISA recommend updating to V4.0.800 or later, restricting network exposure, and following vendor operational guidance before deployment. Affected systems are used worldwide in critical manufacturing environments and should be assessed promptly.

🔒 A deserialization vulnerability in Inductive Automation Ignition (CVE-2025-13913) allows a privileged, authenticated user to import a crafted file that executes embedded code during deserialization, potentially running with the OS application service account's permissions. The flaw affects Ignition versions prior to 8.3.0 and carries a CVSS v3.1 base score of 6.3; CISA reports it is not remotely exploitable and no public exploitation is known. Remediation is to upgrade to 8.3.0 or later. As interim mitigations, follow the Ignition Security Hardening Guide, restrict project imports to trusted sources, use dedicated low-privilege service accounts, and segment gateways from corporate networks.

⚠️ Siemens has issued updates for Heliox EV chargers after identifying an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Affected models include the Heliox Flex 180 kW and Heliox Mobile DC 40 kW stations. Siemens recommends applying the provided over-the-air (OTA) updates and contacting customer support for patch rollout details. CVE-2025-27769 is rated CVSS v3.1 2.6 (Low) and categorized as CWE-923.

🔒 Apple has backported a WebKit memory-corruption fix, tracked as CVE-2023-43010, to older iOS and iPadOS releases after the flaw was observed in the Coruna exploit kit. The original mitigation shipped in iOS 17.2 on December 11, 2023; Apple’s recent updates — including iOS 15.8.7 and iOS 16.7.15 — extend protections to devices that cannot run the latest OS. Users with affected legacy devices are advised to install the available backports to mitigate exploitation risk.

🔔 CISA has ordered federal agencies to patch an actively exploited remote code execution flaw in n8n, tracked as CVE-2025-68613, which permits authenticated attackers to run arbitrary code with the n8n process's privileges. The n8n team released n8n v1.122.0 in December to address the issue and urges immediate upgrades; temporary mitigations include restricting workflow creation/editing, limiting OS privileges, and reducing network access. Shadowserver reports over 40,000 exposed instances globally, prompting a March 25 remediation deadline for federal civilian agencies under BOD 22-01.

🔒 SAP, Microsoft, Adobe and many other vendors released patches this month for multiple critical and high‑risk vulnerabilities, including remote code execution and authentication bypasses. SAP addressed two critical flaws — CVE-2019-17571 (Log4j 1.2.17, CVSS 9.8) and CVE-2026-27685 (insecure deserialization, CVSS 9.1) — while Microsoft and Adobe shipped fixes for dozens more. Hewlett Packard Enterprise patched an Aruba AOS‑CX authentication bypass (CVE-2026-23813, CVSS 9.8). Organizations should prioritize fixes for RCE, insecure deserialization, and authentication-bypass issues on Internet-facing and management interfaces.

🔒 Microsoft has released the Windows 10 KB5078885 extended security update for Enterprise LTSC and ESU devices. Install via Settings → Windows Update to move systems to build 19045.7058 (or 19044.7058 for LTSC 2021); the update consolidates March 2026 Patch Tuesday fixes that address 79 vulnerabilities, including two actively exploited zero-days. It also fixes a shutdown/hibernation bug and advances a controlled rollout of new Secure Boot certificates to maintain boot-time validation.

🛡️ Microsoft released cumulative updates KB5079473 and KB5078883 for Windows 11 (25H2/24H2 and 23H2) delivering the March 2026 Patch Tuesday security fixes, bug repairs, and new features. These mandatory updates can be installed via Start > Settings > Windows Update or downloaded from the Microsoft Update Catalog, and will increment build numbers for each channel. Highlights include expanded Secure Boot certificate targeting, a native Sysmon option, Emoji 16.0 additions, Quick Machine Recovery, and multiple reliability and UX improvements.

🔒 HPE has released patches for multiple vulnerabilities in the AOS-CX network OS, including a critical authentication bypass (CVE-2026-23813) that can allow unauthenticated actors to reset administrator passwords via the web management interface. The company reports no known public exploits at publication. Until updates are applied, HPE recommends isolating management interfaces, enforcing ACLs, disabling unnecessary HTTP(S) on SVIs and routed ports, and increasing logging and monitoring.

🔧Microsoft has confirmed it is still working to fully resolve a bug that causes bright white flashes when opening File Explorer on some Windows 11 systems. The company has rolled fixes to Windows Insiders in the Beta and Dev channels via preview builds Build 26220.7961 (KB5079382) and Build 26300.7965 (KB5079385). Those updates remove white flashes when launching new Explorer windows or tabs and when resizing elements, and also add voice typing and improved file unblocking reliability. Microsoft originally linked the issue to the optional KB5070311 update in December.

🚨 Cisco released its March 4 semiannual firewall update addressing 25 security advisories and 48 CVEs, led by two “perfect 10” flaws in Secure Firewall Management Center (FMC). CVE-2026-20079 (authentication bypass) and CVE-2026-20131 (insecure deserialization) both carry CVSS scores of 10 and can yield unauthenticated root access via the web management interface. Cisco reports no known exploitation yet and offers no workarounds; administrators should remove public FMC exposure until patches can be applied.