
All news with #patch release tag

313 articles · page 5 of 16

Siemens Simcenter Femap and Nastran File Parsing Flaws

⚠️ Siemens has published updates for Simcenter Femap and Simcenter Nastran addressing multiple file‑parsing vulnerabilities in NDB and XDB formats. If a user opens a specially crafted malicious file, affected versions may crash or allow an attacker to achieve arbitrary code execution. Siemens rates the issues as high severity and recommends updating to V2512 or later and avoiding untrusted NDB/XDB files.

GE Vernova Enervista UR Setup Vulnerabilities Fixed

🔒 GE Vernova released updates for Enervista UR Setup to address two vulnerabilities. The installer is vulnerable to DLL hijacking (CVE-2026-1762), which could allow administrative code execution when run in directories containing untrusted DLLs. A second issue is a path traversal (CVE-2026-1763) that can overwrite files as the logged-in user. Users should update to version 8.70 or later.

Exploit Reported for New Chrome Zero-Day in CSS Engine

⚠️ Google warns IT administrators that an exploit for a newly disclosed Chrome zero-day (CVE-2026-2441) is active in the wild. The issue is a use-after-free bug in the browser's CSS engine that can allow remote code execution in the renderer sandbox when a user visits a crafted page. Patches are available — update to 145.0.7632.75/76 on Windows/Mac or 144.0.7559.75 on Linux — and Google is limiting technical details until most users are updated. Administrators should prioritize deploying the fixes and monitor browser versions and endpoints closely.

Google Issues Patch for In-the-Wild Chrome Zero-Day

🔒 Google has released an urgent security update for Chrome to address CVE-2026-2441, a high-severity zero-day affecting desktop builds on Windows, macOS and Linux. The flaw, rooted in a CSS processing issue, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Google confirmed an exploit is already in the wild and credited researcher Shaheen Fazim for reporting the bug on February 11; the company issued the patch on February 13.

Google patches first Chrome zero-day exploited in attacks

🔧 Google released emergency updates to fix a high-severity Chrome zero-day (CVE-2026-2441) that is being exploited in the wild. The flaw is a use-after-free caused by an iterator invalidation bug in CSSFontFeatureValuesMap, and Google pushed a backported patch across stable branches. Fixes are rolling out to Windows and macOS (145.0.7632.75/76) and Linux (144.0.7559.75); users should update or let Chrome apply updates automatically. Google noted additional related work remains tracked in bug 483936078.

Google patches Chrome zero-day CVE-2026-2441; active exploit

⚠️ Google released updates for Chrome to patch CVE-2026-2441, a high-severity (CVSS 8.8) use-after-free vulnerability in CSS that has been confirmed as exploited in the wild. Discovered by researcher Shaheen Fazim on Feb 11, 2026, the bug can enable remote code execution inside Chrome's sandbox via a crafted HTML page. Users should update to 145.0.7632.75/76 (Windows/macOS) or 144.0.7559.75 (Linux) and ensure Chromium-based browsers receive equivalent fixes.

Windows 11 KB5077181 Fixes Boot Failures After Updates

🔧 Microsoft says the February 10, 2026 Patch Tuesday update KB5077181 resolves a bug that left some commercial Windows 11 systems unbootable with an UNMOUNTABLE_BOOT_VOLUME error after failed updates. The problem affected a limited set of physical devices running 25H2 and 24H2 and was linked to an incomplete rollback following a December 2025 security update. An optional preview fix (KB5074105) was released on January 29, 2026 to help prevent further devices from being affected. Systems that became unbootable prior to the February fix may still require manual remediation via Microsoft Support for Business.

30-Year-Old Heap Overflow Fixed in libpng 1.6.55 Patch

⚠️ Developers patched a nearly 30-year-old heap buffer overflow in the libpng image library—fixed in libpng 1.6.55—that can crash applications processing crafted PNG files and, with careful heap grooming, enable information disclosure or remote code execution. The flaw exists in the png_set_quantize function when called without a histogram and with oversized palettes. A proof-of-concept is public; users and distributors should upgrade promptly.

CISA: Patched Microsoft ConfigMgr RCE Now Exploited in the Wild

⚠️ CISA has flagged a critical Microsoft Configuration Manager vulnerability (CVE-2024-43468) as actively exploited after Microsoft patched it in October 2024. The flaw is a SQL injection that can allow unauthenticated remote attackers to achieve remote code execution and run commands with elevated privileges on the server or site database. CISA ordered federal agencies to apply the patch or mitigations by March 5 under BOD 22-01 and urged all organizations to secure affected systems immediately.

Microsoft fixes Family Safety bug blocking Chrome launch

🔧 Microsoft has deployed a service-side fix for a Family Safety bug that prevented Google Chrome and some other browsers from launching or caused them to crash on Windows 10/11 devices. The problem, first reported in late June 2025, was traced to the service's web-filtering and block-list behavior that misidentified updated browser versions. The rollout began in early February 2026 and should reach affected devices in the coming weeks; users should connect to the Internet to receive the update. Those who cannot go online can enable Activity reporting in Family Safety to receive approval requests and allowlist newer browser versions.

RDS for PostgreSQL: Minor Upgrades and pg_stat_monitor

🔒 Amazon RDS for PostgreSQL now supports minor versions 18.2, 17.8, 16.12, 15.16, and 14.21. We recommend upgrading to these latest minor versions to remediate known security vulnerabilities and benefit from upstream bug fixes. The release also includes the pg_stat_monitor extension for unified query and performance metrics. Upgrades can be automated via scheduled maintenance, AWS Organizations rollout policies, or Blue/Green deployments to minimize downtime.

Amazon RDS Adds SQL Server 2022 Cumulative Update CU23

🔄 Amazon Relational Database Service now supports the latest Cumulative Update, CU23 (KB5078297), for SQL Server 2022 on Amazon RDS for SQL Server. We recommend that customers upgrade affected RDS instances to apply this update to obtain fixes and improvements. You can perform the upgrade through the Amazon RDS Management Console or programmatically using the AWS SDK or CLI, and consult the Amazon RDS SQL Server User Guide for detailed upgrade instructions.

Amazon RDS Adds Support for MariaDB Community Minors

🔁 Amazon RDS for MariaDB now supports community minor versions 10.6.25, 10.11.16, 11.4.10, and 11.8.6. We recommend upgrading to the latest minor releases to remediate known security vulnerabilities and gain bug fixes, performance improvements, and new features contributed by the MariaDB community. You can enable automatic minor version upgrades to apply updates during scheduled maintenance windows or use Amazon RDS Managed Blue/Green deployments for safer, lower-risk updates.

BeyondTrust patches critical unauthenticated RCE flaw

🔒 BeyondTrust has released emergency patches to address a critical unauthenticated remote code execution vulnerability in self-hosted instances of Remote Support and Privileged Remote Access. Tracked as CVE-2026-1731 and discovered in January by Hacktron AI, the flaw is rated 9.9/10. BeyondTrust published Patch BT26-02-RS for RS 21.3–25.3.1 and Patch BT26-02-PRA for PRA 22.1–24.x; PRA 25.1+ are not affected and SaaS tenants were patched server-side. Around 11,000 RS instances are internet-exposed, roughly 8,500 of which are on-premises and need immediate patching.

Microsoft releases Windows 10 KB5075912 ESU update

🔒 Microsoft released the Windows 10 KB5075912 extended security update for ESU-enrolled systems and Enterprise LTSC installations to address February 2026 Patch Tuesday fixes, including six actively exploited zero-day vulnerabilities. After installation, affected systems are updated to build 19045.6937 (or 19044.6937 for LTSC 2021). The update also continues a phased rollout of replacement Secure Boot certificates and resolves a Secure Launch-related shutdown/hibernation issue.

Windows 11 KB5077181 and KB5075941 February 2026 Updates

🔒 Microsoft released Windows 11 cumulative updates KB5077181 (for 25H2/24H2) and KB5075941 (for 23H2) delivering the February 2026 Patch Tuesday security fixes, bug fixes, and feature improvements. The updates move systems to 26200.7840 (25H2), 26100.7840 (24H2), and 226x1.6050 (23H2). Notable additions include Cross‑Device Resume expansion, an inbox Windows MIDI Services implementation, enhanced Windows Hello peripheral fingerprint support, and a user toggle for Smart App Control. Install via Settings > Windows Update or download from the Microsoft Update Catalog.

Microsoft updates Secure Boot certs before June 2026

🔐 Microsoft has begun rolling out updated Secure Boot certificates through regular monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. The automatic refresh targets devices with Microsoft-managed updates; many PCs shipped since 2024 and most built in 2025 already include the new certificates. Some systems may still require separate OEM firmware updates before the new certs can be installed. Administrators can also deploy the new certificates via registry keys, Group Policy, or the Windows Configuration System to ensure Windows Boot Manager and Secure Boot protections remain in place.

BeyondTrust Patches Critical Pre-Auth RCE in RS and PRA

🔒 BeyondTrust has released updates to address a critical pre-authentication remote code execution vulnerability affecting Remote Support and older Privileged Remote Access versions. The flaw, tracked as CVE-2026-1731, is an operating-system command injection rated 9.9 on the CVSS scale and allows unauthenticated attackers to execute OS commands in the context of the site user. Patches (BT26-02-RS and BT26-02-PRA) or upgrades to the fixed releases should be applied immediately, and self-hosted customers without automatic updates must apply the fix manually.

CISA: SmarterMail RCE Flaw Actively Exploited by Ransomware

⚠️ CISA warns that ransomware actors are actively exploiting CVE-2026-24423, a critical unauthenticated remote code execution vulnerability in SmarterTools SmarterMail via the ConnectToHub API. SmarterTools released a fix on January 15 (Build 9511) and issued further updates through Build 9526 on January 30. Agencies must apply updates or stop using the product by February 26, 2026, under KEV and BOD 22-01 guidance.

CISA Flags Actively Exploited SolarWinds WHD Flaw

⚠️ CISA has added a critical SolarWinds Web Help Desk vulnerability, CVE-2025-40551, to its Known Exploited Vulnerabilities catalog and flagged it as actively exploited. The flaw is an untrusted data deserialization vulnerability that can enable remote code execution without authentication, allowing attackers to run commands on affected hosts. SolarWinds released patches in WHD version 2026.1 that also address several related high-severity CVEs. Federal Civilian Executive Branch agencies are required to remediate this flaw under BOD 22-01, with a February 6, 2026, deadline.