Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs
June 11, 2024Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).
CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server
June 4, 2024Researchers have released an exploit chain to achieve remote code execution on unpatched instances of Progress Telerik Report Server. Immediate patching is recommended.
Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
April 9, 2024Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities.
Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)
February 13, 2024Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
February 9, 2024Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
September 27, 2023A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
September 12, 2023Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 7, 2023A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
August 3, 2023A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
July 25, 2023Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
June 16, 2023Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
CVE-2023-20887: VMware Aria Operations for Networks Command Injection
June 14, 2023VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.