
All news with #patch tuesday tag

115 articles · page 2 of 6

April 2026 Patch Tuesday: Two Zero-Days, Eight Critical

⚠️ Microsoft’s April 2026 Patch Tuesday addresses 164 CVEs, including two zero-days and eight Critical vulnerabilities. The release focuses heavily on elevation-of-privilege flaws (57% of patches) and updates for Windows, Office and developer tools. Notable fixes include an exploited SharePoint spoofing zero-day (CVE-2026-32201), a disclosed Defender elevation-of-privilege issue (CVE-2026-33825), and several high‑risk RCEs; deploy patches promptly and apply recommended mitigations.

CISA Orders Federal Agencies to Patch Ivanti EPMM Flaw

⚠️ CISA has ordered U.S. federal agencies to remediate a critical Ivanti Endpoint Manager Mobile flaw (CVE-2026-1340) that has been exploited since January. The agency added the bug to its Known Exploited Vulnerabilities catalog and invoked BOD 22-01, giving agencies until Saturday, April 11 to patch or mitigate affected systems. Ivanti released fixes on January 29 and urged all customers to update immediately.

NCSC Urges Immediate Patching of Critical F5 BIG-IP Flaw

⚠️ The UK’s NCSC is urging organisations to immediately patch a critical vulnerability in F5 BIG-IP Access Policy Manager (APM) tracked as CVE-2025-53521, which is under active exploitation and can enable remote code execution when an APM access policy is configured on a virtual server. F5 has reclassified the issue from a denial‑of‑service to RCE with a revised CVSS of 9.8 after new information, and CISA has added it to its KEV catalog with a mandated federal patch deadline. Customers should follow F5’s incident‑handling and forensic guidance, isolate or rebuild affected systems, and report suspected compromises to the NCSC.

CISA Orders Federal Agencies to Patch Citrix Flaw Urgently

⚠️ CISA has ordered federal agencies to patch Citrix NetScaler appliances for CVE-2026-3055 by Thursday, April 2, after vendors warned the flaw is being actively exploited. The vulnerability arises from insufficient input validation in ADC and Gateway appliances configured as SAML identity providers and can enable unauthenticated attackers to steal admin session IDs and other sensitive information. Watchtowr reported in-the-wild abuse days after Citrix released fixes on March 23, and CISA has added the issue to its KEV Catalog and invoked BOD 22-01.

Critical F5 BIG-IP APM Flaw Reclassified as RCE; Patch Now

⚠️ F5 Networks has reclassified a previously patched BIG-IP APM denial-of-service flaw (CVE-2025-53521) as a critical remote code execution vulnerability after evidence of active exploitation. Attackers are deploying webshells on unpatched devices that have access policies configured on virtual servers. F5 and CISA have published advisories and IOCs and are urging immediate patching, forensic checks of disks, logs, and terminal history, and adherence to incident-handling policies.

Microsoft Pauses Windows KB5079391 After Install Errors

⚠️ Microsoft has paused the rollout of a Windows 11 preview update, KB5079391, after reports that installations fail with error 0x80073712. The optional cumulative update targeted Windows 11 24H2 and 25H2 and bundled 29 changes, including Smart App Control, display improvements, improved Windows Hello fingerprint reliability, and Windows RE stability for x64 apps on ARM64 devices. To prevent further impact, Microsoft has temporarily limited the update's availability through Windows Update while it investigates and said the issue will most likely be resolved before the April 14 Patch Tuesday, though no firm timeline was provided.

Rapid Weaponization of Critical Oracle WebLogic RCE

⚠ A critical Oracle WebLogic RCE (CVE-2026-21962, CVSS 10.0) was weaponized the same day public exploit code was released, a CloudSEK honeypot study found. The high-interaction honeypot, run between January 22 and February 3, 2026, recorded immediate automated scanning and exploitation attempts. Researchers also observed probes for older WebLogic flaws and widespread generic web reconnaissance. Organizations are urged to apply patches, restrict console access, deploy WAFs and monitor logs.

Microsoft March Patch Tuesday: 84 Flaws, 2 Zero-Days

🔒 Microsoft released its March Patch Tuesday updates addressing 84 security vulnerabilities, including two publicly disclosed zero-days. Of the fixes, eight are rated Critical and 76 Important, spanning privilege escalation, remote code execution, information disclosure and other classes. The highest-scoring issue is CVE-2026-21536 (CVSS 9.8) in the Microsoft Devices Pricing Program, which Microsoft says is fully mitigated. Administrators should review MSRC advisories and apply updates based on risk and exposure.

Microsoft Patch Tuesday — March 2026 Security Fixes

🔒 Microsoft released fixes for at least 77 vulnerabilities across Windows and related products in its March 2026 Patch Tuesday. Two issues were previously disclosed publicly, including a SQL Server privilege elevation (CVE-2026-21262) that can allow network-based escalation to sysadmin. Several critical remote code execution bugs in Microsoft Office and other components, plus a notable AI-discovered 9.8-rated RCE (CVE-2026-21536), merit prioritized attention. Administrators should review privilege escalation and RCE patches first and monitor for any post-update issues.

Microsoft March 2026 Patch Tuesday: 79 Vulnerabilities

🔒 Microsoft issued its March 2026 Patch Tuesday addressing 79 vulnerabilities, three of which were marked critical though assessed as less likely to be exploited. The critical issues include Office remote code execution bugs (CVE-2026-26110, CVE-2026-26113) and an Excel information-disclosure flaw (CVE-2026-26144). Important fixes affect SharePoint, SQL Server and multiple Windows components. Cisco Talos published Snort and firewall rules to detect exploitation attempts and urges customers to apply patches and rule updates promptly.

Microsoft March 2026 Patch Tuesday: 79 Flaws, 2 Zero-Days

🔒 Microsoft's March 2026 Patch Tuesday addresses 79 vulnerabilities, including two publicly disclosed zero-days and three Critical flaws. Notable fixes include two Office remote code execution bugs exploitable via the preview pane and an Excel information-disclosure issue that could enable data exfiltration via Copilot. Administrators should prioritize Office, Windows and Azure updates immediately.

March 2026 Patch Tuesday: 82 CVEs, 8 Critical Vulns

🔒 Microsoft’s March 2026 Patch Tuesday addresses 82 vulnerabilities, including eight Critical issues and two publicly disclosed flaws affecting Windows, Azure and Office. Notable high-severity items include a CVSS 9.8 RCE in the Microsoft Devices Pricing Program and several elevation-of-privilege and RCE flaws in Office, Excel and Azure Confidential Containers; some cloud-hosted issues were remediated server-side with no customer action required. CrowdStrike recommends prioritizing available fixes, applying mitigations where patches are absent, and using the Falcon Patch Tuesday dashboard to triage and track remediation.

Windows 10 KB5075039 Fixes Recovery Environment Issue

🔧 Microsoft released KB5075039 to repair a Windows 10 Recovery Environment (WinRE) startup failure caused by the October update KB5068164. The patch restores WinRE access for affected systems. Installation requires the WinRE partition to be at least 256 MB; administrators should back up drives before resizing partitions and follow Microsoft's manual resizing instructions.

Critical Juniper PTX Flaw Enables Full Router Takeover

🚨 A critical privilege escalation vulnerability in Junos OS Evolved on PTX Series routers (CVE-2026-21902) can allow unauthenticated remote code execution as root by exposing the On-Box Anomaly Detection framework on an externally accessible port. Because the service runs as root and is enabled by default, an attacker with network access could fully compromise affected devices. Juniper released fixes in 25.4R1-S1-EVO, 25.4R2-EVO and 26.2R1-EVO, and recommends applying updates, restricting access with firewall filters or ACLs, or disabling the service using request pfe anomalies disable.

Windows 11 Notepad flaw let Markdown links run code

🔒 Microsoft fixed a remote code execution vulnerability in Windows 11 Notepad that allowed specially crafted Markdown links to launch local or remote programs without triggering Windows security dialogs. Tracked as CVE-2026-20841, the issue originated from Notepad's Markdown rendering treating certain file- and protocol-based links as clickable and unverified. Microsoft patched the flaw in the February 2026 Patch Tuesday updates and is distributing the Notepad update via the Microsoft Store; Notepad now displays a warning for non-http(s) links, though attackers could still try to social-engineer users into accepting prompts.

Over 60 Vendors Issue Security Patches Across Platforms

🔒 It's Patch Tuesday: more than 60 software vendors released security updates addressing flaws across OS, cloud, and networking platforms. Microsoft fixed 59 vulnerabilities, including six actively exploited zero-days that can bypass protections, escalate privileges, or cause DoS. SAP patched two critical bugs — a SQL injection in CRM/S/4HANA (CVE-2026-0488, CVSS 9.9) and a missing authorization in NetWeaver ABAP (CVE-2026-0509, CVSS 9.6) — which may require kernel updates and role or UCON adjustments. Intel and Google also disclosed five TDX 1.5 vulnerabilities and numerous improvement suggestions; Adobe released multiple product updates with no known in-the-wild exploits reported.

Microsoft Patches 59 Flaws, Six Actively Exploited

🔒 Microsoft released security updates fixing 59 vulnerabilities across Windows and related products, including six flaws Microsoft says are being actively exploited. The update includes five Critical, 52 Important and two Moderate fixes, addressing privilege escalation, remote code execution, spoofing and information disclosure. Microsoft and external researchers reported several actively exploited CVEs; CISA has added them to its KEV catalog with a March 3, 2026 remediation deadline for federal agencies.

Microsoft patches six actively exploited zero-days

🔒 Microsoft released updates to fix six actively exploited zero-day vulnerabilities, three of which have been publicly disclosed. The issues include security feature bypasses in Windows Shell, MSHTML and Word, plus elevation-of-privilege and denial-of-service flaws affecting DWM, Remote Access Connection Manager and Remote Desktop Services. None are rated critical and only five of 58 patches this month were classed as critical. Administrators should prioritise applying updates and monitoring for exploitation.

February 2026 Patch Tuesday: Six Exploited Microsoft Bugs

🔒 Microsoft’s February 2026 Patch Tuesday delivers 60 fixes, including six vulnerabilities the vendor says are actively exploited. Three are security feature bypass flaws in Windows Shell, MSHTML and Office OLE mitigations; two permit local elevation to System, and one enables local denial-of-service. Experts note patches are straightforward and require no post-patch configuration, but prioritization of the bypasses and cloud-related issues is urgent.

Microsoft Patch Tuesday — February 2026 Security Update

🔔 Microsoft released its February 2026 security updates addressing 59 vulnerabilities across Windows and cloud products, including two Critical issues in ACI Confidential Containers. Several vulnerabilities are reported as actively exploited and others have been publicly disclosed, impacting components such as Windows Shell, MSHTML, Office, Azure, Hyper-V, and GitHub Copilot. Talos is publishing a new Snort ruleset to detect exploitation attempts; administrators should apply Microsoft patches and update intrusion detection signatures promptly.