<ciso brief />

All news with #patch tuesday tag

115 articles · page 3 of 6

Patch Tuesday: February 2026 — Six Zero-Day Fixes Security

🔒 Microsoft released February 2026 Patch Tuesday updates addressing more than 50 vulnerabilities, including six actively exploited zero-days. Patches cover security feature bypasses in Windows Shell, MSHTML and Word, elevation-of-privilege flaws in Remote Desktop Services and Desktop Window Manager, and a denial-of-service risk in the Remote Access Connection Manager. Administrators and developers are urged to prioritize testing and deployment, maintain recent backups, and apply least-privilege controls to limit exposure, particularly for AI-assisted development workflows.

Microsoft February 2026 Patch Tuesday: 6 Zero-Days Fixed

🔒 Microsoft released its February 2026 Patch Tuesday security update addressing 58 flaws, including six actively exploited zero-days and three that were publicly disclosed. The release fixes five Critical bugs and numerous elevation-of-privilege, remote code execution, and information disclosure issues across Windows and Office components. Microsoft also began a phased rollout of updated Secure Boot certificates to replace expiring 2011 certificates and has integrated built-in Sysmon functionality into Windows 11 insider builds.

CISA Adds Six Microsoft Vulnerabilities to KEV Catalog

⚠️ CISA added six Microsoft-related vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on February 10, 2026, citing evidence of active exploitation. The entries include CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21525, and CVE-2026-21533, affecting Windows, MSHTML, and Office components. Federal agencies must remediate KEV entries under BOD 22-01, and CISA urges all organizations to prioritize patching to reduce exposure.

February 2026 Patch Tuesday: Six Zero-Days, Five Criticals

🚨 Microsoft’s February 2026 updates address 59 vulnerabilities, including six actively exploited zero-days and five Critical issues. CrowdStrike identified the Windows Remote Desktop elevation-of-privilege (CVE-2026-21533) and observed exploitation against U.S. and Canadian organizations; other zero-days affect MSHTML, Windows Shell, Microsoft Word, Desktop Window Manager and Remote Access Connection Manager. Three Critical Azure service flaws were remediated in-platform while two Critical issues in Azure confidential containers require customer patching. CrowdStrike recommends timely updates, compensating controls, expanded detection/hunting, and use of the Falcon Exposure Management dashboard to prioritize and mitigate risk.

Microsoft January update shutdown bug affects more PCs

⚠️ Microsoft confirmed that a shutdown bug first reported on Windows 11 also affects Windows 10 devices with Virtual Secure Mode (VSM) enabled after recent January updates. The issue was initially tied to Windows 11 23H2 with KB5073455 and System Guard Secure Launch; emergency patches were issued shortly afterward. Affected users can temporarily force a shutdown using the command shutdown /s /t 0 while Microsoft prepares a broader fix.

Windows 11 January Update Causes Outlook Freezes for POP

⚠ Microsoft is investigating reports that the January Windows 11 security update KB5074109 causes the classic Outlook desktop client to freeze and hang for users with POP email accounts. Affected users say Outlook does not exit properly and will not restart after being closed, disrupting normal mail access. Microsoft’s Outlook and Windows teams are examining the issue but have not provided a timeline for a fix. As a temporary workaround, users can uninstall KB5074109 via Settings > Windows Update > Update history > Uninstall updates, though removing security updates can expose systems to additional risk.

Windows 11 23H2 Shutdown Issue After January Security Update

⚠️ Microsoft has confirmed that the January 13, 2026 cumulative update (KB5073455) can prevent some Windows 11, version 23H2 devices with System Guard Secure Launch enabled from shutting down or entering hibernation, causing them to restart instead. The issue is limited to Enterprise and IoT editions where the update is offered. Microsoft recommends the temporary workaround shutdown /s /t 0 for shutdowns and warns there is currently no hibernation workaround. Users should save work and perform manual shutdowns to avoid battery drain.

Microsoft fixes three zero-days in busy Patch Tuesday

🔒 Microsoft released updates addressing over 100 CVEs on the first Patch Tuesday of 2026, including three zero-day vulnerabilities. CVE-2026-20805 is an actively exploited information-disclosure flaw in the Desktop Window Manager that can undermine ASLR; CVE-2026-21265 concerns a secure-boot certificate-expiration bypass affecting many devices; CVE-2023-31096 is an elevation-of-privilege in legacy Agere modem drivers that Microsoft is removing. Administrators should prioritize patching, review firmware and UEFI certificates, and audit hardware where updates may require manual acceptance.

Microsoft January 2026 Patch: 114 Windows Flaws Fixed

🔒 Microsoft released its first security update of 2026 addressing 114 vulnerabilities across Windows, including one actively exploited in the wild. The set includes eight Critical and 106 Important flaws, spanning privilege escalation, information disclosure, and remote code execution issues. Administrators are urged to prioritize the exploited CVE-2026-20805 and VBS-related fixes, and to follow guidance for Secure Boot certificate updates to avoid disruption.

January 2026 Patch Tuesday: Microsoft critical fixes

🛡️ Microsoft’s January 2026 Patch Tuesday addresses eight critical vulnerabilities and an actively exploited zero-day, with many high‑score flaws affecting Office and SharePoint. The Desktop Window Manager information-disclosure bug (CVE-2026-20805) is already being exploited and can leak memory to enable follow-on attacks. Other priorities include an RRAS heap overflow (CVE-2026-20868), Secure Boot certificate updates (CVE-2026-21265), and multiple NTFS and WinSock elevation issues. Administrators should accelerate patching, restrict local access, and monitor for suspicious activity.

Microsoft Jan 2026 Patch Tuesday: 113 Flaws, Zero-Day

🔒 Microsoft released January 2026 security updates addressing 113 vulnerabilities across Windows and supported products, including eight rated Critical. The company confirmed active exploitation of a Desktop Window Manager information disclosure flaw, CVE-2026-20805, which researchers say can be chained to code execution bugs. Other prominent fixes include two Office RCEs exploitable via the Preview Pane, a critical Secure Boot bypass, and removal of legacy modem drivers. Experts urge rapid, risk-based patching and careful BIOS/bootloader preparation.

Microsoft January 2026 Patch Tuesday: 114 Flaws Fixed

🔒 Microsoft released its January 2026 Patch Tuesday updates addressing 114 vulnerabilities, including three zero-day flaws and one actively exploited issue. The bulletin patches an actively exploited Desktop Window Manager information disclosure (CVE-2026-20805), renews expiring Secure Boot certificates, and removes legacy Agere modem drivers (agrsm64.sys, agrsm.sys). Eight vulnerabilities are rated Critical, including six remote code execution flaws. Administrators should prioritize these cumulative updates and apply them promptly to reduce exposure.

Microsoft Patch Tuesday Jan 2026: 112 Fixes and Snort rules

🔒 Microsoft released its January 2026 security updates addressing 112 vulnerabilities across Windows and Office, including eight marked critical. One important issue, CVE-2026-20805, was observed exploited in the wild. Critical flaws include RCEs in LSASS, Word, Excel and Office, plus EoP in the Windows Graphics component and VBS Enclave. Cisco Talos published Snort rules to detect exploitation attempts (Snort 2: 65498, 65499, 65663–65676; Snort 3: 301344, 301368–301374).

January 2026 Patch Tuesday: 114 CVEs Including Zero-Days

🔔 Microsoft released its January 2026 Patch Tuesday addressing 114 vulnerabilities, including three zero-days and several Critical flaws. Notable fixes include an actively exploited information-disclosure issue in Windows Desktop Window Manager (CVE-2026-20805) and publicly disclosed zero-days in Agere Soft Modem and Secure Boot. The release also remediates multiple Critical RCE and elevation-of-privilege issues across Windows and Microsoft Office. Organizations should prioritize testing and deployment and apply compensating controls where immediate patching is impractical.

CISA Flags Microsoft Office and HPE OneView KEV Flaws

⚠️ CISA added two vulnerabilities — in Microsoft Office PowerPoint (CVE-2009-0556, CVSS 8.8) and HPE OneView (CVE-2025-37164, CVSS 10.0) — to its Known Exploited Vulnerabilities catalog after observing evidence of active exploitation. The HPE flaw permits unauthenticated remote code execution and affects versions prior to 11.00; HPE has released hotfixes for OneView 5.20 through 10. A proof-of-concept exploit for CVE-2025-37164 was disclosed publicly on December 23, 2025, prompting eSentire to urge immediate patching. Federal agencies subject to BOD 22-01 are instructed to remediate by January 28, 2026.

CISA Adds Two CVEs to KEV Catalog, Urges Remediation

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0556 (Microsoft Office PowerPoint code injection) and CVE-2025-37164 (HPE OneView code injection). CISA notes evidence of active exploitation and highlights that these vulnerability types are frequent attack vectors posing significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by the specified due date. CISA strongly urges all organizations to prioritize timely remediation as part of sound vulnerability management.

Thousands of FortiGate Firewalls Still Exposed to 2020 Flaw

🔒 Bleeping Computer reports that attackers are actively exploiting an older FortiOS vulnerability, CVE-2020-12812, which can bypass two-factor authentication. Although Fortinet issued a patch in July 2020, researchers say at least 10,000 FortiGate firewalls remain unpatched. Administrators are urged to install the latest updates immediately to mitigate account access risks. Additional measures include restricting administrative access, rotating credentials, and monitoring logs for suspicious activity.

Patch Tuesday 2025: Microsoft's Most Concerning Bugs

🛡️ Microsoft addressed 1,246 CVEs in 2025, including 158 critical flaws and 41 zero‑days, highlighting an increasingly aggressive threat landscape and the use of AI by attackers to accelerate exploitation. Experts warned that several lower‑scored but actively abused bugs, such as ToolShell (CVE-2025-53770), CVE-2025-24993, and CVE-2025-30377, enabled remote code execution or privilege escalation in practice. Recommended actions include immediate remediation of highest‑risk items, automated triage to free analysts, and contextual prioritization using SSVC rather than relying solely on raw CVSS scores.

Schneider Electric: WSUS Vulnerability in Foxboro DCS

⚠️ Schneider Electric warns that a Microsoft WSUS vulnerability (CVE-2025-59287, CWE-502) impacts EcoStruxure™ Foxboro DCS Advisor and may allow remote code execution with system-level privileges (CVSS 3.1 9.8). Microsoft fixes (KB5070882, KB5070884) are available via WSUS and may require a reboot to complete installation. Apply the patches promptly, verify installation with Schneider Electric Global Customer Support, and follow recommended network isolation and access-control measures to reduce exposure.

Weekly Cyber Recap: Apple 0-Days, WinRAR & React Exploits

⚠️ Apple and Google issued urgent patches for two actively exploited zero-days affecting iOS, macOS, Safari and Chrome's ANGLE library, while multiple high‑severity flaws in React, WinRAR, and .NET proxies are being weaponized in live attacks. Researchers also disclosed SOAPwn .NET proxy abuse and a CentreStack/Triofox token‑encryption failure leading to remote code execution. CISA added the WinRAR path‑traversal bug to KEV; LastPass was fined after the 2022 breach. Prioritize immediate patching and validate web and SSO defenses.