Falcon Exposure Management Team
October 2024 Patch Tuesday: Two Zero-Days and Three Critical Vulnerabilities Amid 118 CVEs
Microsoft has released security updates for 118 vulnerabilities in its October 2024 Patch Tuesday rollout. These include two actively exploited zero-days (CVE-2024-43573, CVE-2024-43572). Three of the[…]
September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs
Microsoft has released security updates for 79 vulnerabilities in its September 2024 Patch Tuesday rollout. These include four actively exploited zero-days (CVE-2024-38014, CVE-2024-38217, CVE-2024-38[…]
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs
Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189,[…]
July 2024 Patch Tuesday: Two Zero-Days and Five Critical Vulnerabilities Amid 142 CVEs
Microsoft has released security updates for 142 vulnerabilities for its July 2024 Patch Tuesday rollout. These include two actively exploited zero-days (CVE-2024-38080 and CVE-2024-38112). Five of the[…]
June 2024 Patch Tuesday: 51 Vulnerabilities Addressed Including One Critical and One Zero-Day
Microsoft released security updates for 51 vulnerabilities in its June 2024 Patch Tuesday rollout. These patches address one previously disclosed zero-day vulnerability affecting the DNS protocol (CVE[…]
May 2024 Patch Tuesday: Two Zero-Days Among 61 Vulnerabilities Addressed
Microsoft has released security updates for 61 vulnerabilities in its May 2024 Patch Tuesday rollout. There are two zero-day vulnerabilities patched, affecting Windows MSHTML (CVE-2024-30040) and Desk[…]
CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the […]
April 2024 Patch Tuesday: Three Critical RCE Vulnerabilities in Microsoft Defender for IoT
Microsoft has released security updates for 150 vulnerabilities in its April 2024 Patch Tuesday rollout, a much larger amount than in recent months. There are three Critical remote code execution vuln[…]
March 2024 Patch Tuesday: Two Critical Bugs Among 60 Vulnerabilities Patched
Microsoft has released security updates for 60 vulnerabilities in its March 2024 Patch Tuesday rollout. There are two Critical vulnerabilities patched (CVE-2024-21407 and CVE-2024-21408), both of whic[…]
February 2024 Patch Tuesday: Two Zero-Days Amid 73 Vulnerabilities
Microsoft has released security updates for 73 vulnerabilities for its February 2024 Patch Tuesday rollout. These include two actively exploited zero-days (CVE-2024-21412 and CVE-2024-21351), both of […]
January 2024 Patch Tuesday: 49 Vulnerabilities Disclosed on First Patch Tuesday of the Year
In a relatively quiet week for Microsoft Patch Tuesday, the vendor announced 49 vulnerabilities affecting Microsoft products, two of which are critical, and a number of remote code execution (RCE) vul[…]
December 2023 Patch Tuesday: 34 Vulnerabilities Including One Previously Disclosed Zero-Day
Microsoft has released security updates for 34 vulnerabilities, including one previously disclosed zero-day (CVE-2023-20588), a vulnerability affecting Advanced Micro Devices (AMD) processors. Four of[…]
November 2023 Patch Tuesday: 58 Vulnerabilities Including Three Actively Exploited Zero-Days
Microsoft has released security updates for 58 vulnerabilities, including five zero-days, three of which are being actively exploited. One of the zero-days (CVE-2023-36025) is a Windows SmartScreen Se[…]
October 2023 Patch Tuesday: 104 Vulnerabilities Including Three Actively Exploited Zero-Days
This month marks the 20th anniversary of Patch Tuesday, and Microsoft has released security updates for 104 vulnerabilities, including three zero-days. One of the zero-days (CVE-2023-41763) is an elev[…]
September 2023 Patch Tuesday: Two Actively Exploited Zero-Days and Five Critical Vulnerabilities Addressed
Microsoft has released security updates for 62 vulnerabilities and two zero-days for its September 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-36802) is an elevation of privilege vulner[…]
August 2023 Patch Tuesday: Two Actively Exploited Zero-Days and Six Critical Vulnerabilities Addressed
Microsoft has released security updates for 76 vulnerabilities and two zero-days for its August 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-38180) is a denial-of-service vulnerability i[…]
July 2023 Patch Tuesday: Six Actively Exploited Zero-Days and Nine Critical Vulnerabilities Identified
Microsoft has released security updates for 131 vulnerabilities and a disclosure for one yet-unpatched vulnerability for its July 2023 Patch Tuesday rollout: 9 are rated as Critical while the remainin[…]
June 2023 Patch Tuesday: 78 Vulnerabilities with 6 Rated Critical and 38 Remote Code Execution
Microsoft has released 78 security patches for its June 2023 Patch Tuesday rollout. Of the vulnerabilities patched today, 6 are classified as Critical and 38 are remote code execution (RCE) flaws. Jun[…]
May 2023 Patch Tuesday: Three Zero-Days and Six Critical Vulnerabilities Identified
Microsoft has released patches for 38 vulnerabilities for its May 2023 Patch Tuesday rollout: 6 are rated as Critical while the remaining 32 are rated as Important. Three vulnerabilities are identifie[…]
April 2023 Patch Tuesday: One Zero-Day and Seven Critical Vulnerabilities Identified
Microsoft has released patches for 97 vulnerabilities for its April 2023 Patch Tuesday rollout: 7 are classified as Critical while the remaining 90 are classified as Important. One vulnerability is id[…]
March 2023 Patch Tuesday: 9 Critical CVEs, Including Two Actively Exploited Zero Days
Microsoft has released 80 security patches for its March 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, 70 Important and 1 Moderate. Two actively exploited zero-day vulnerabilities […]
February 2023 Patch Tuesday: 9 Critical CVEs, and 3 Zero Days Being Actively Exploited in the Wild
Microsoft has released 75 security patches for its February 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, and the remaining 66 are rated Important. Three actively exploited vulnera[…]
January 2023 Patch Tuesday: 98 Vulnerabilities with 11 Rated Critical and 1 Zero-Day Under Active Attack
The first Patch Tuesday of 2023 is starting the year with a large number of bug fixes. Microsoft released 98 security patches for its January 2023 Patch Tuesday rollout, almost double the number relea[…]
December 2022 Patch Tuesday: 10 Critical CVEs, One Zero-Day, One Under Active Attack
Microsoft has released 49 security patches for its December 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical, two are rated Medium and the rest are rated Important. DirectX […]
November 2022 Patch Tuesday: 10 Critical CVEs, 6 Zero-Days and the Highly Anticipated ProxyNotShell Patches
Microsoft has released 66 security patches for its November 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical and the remaining 56 are rated Important. It should be noted tha[…]
October 2022 Patch Tuesday: 13 Critical CVEs, One Actively Exploited Bug, ProxyNotShell Still Unpatched
Microsoft has released 84 security patches for its October 2022 Patch Tuesday rollout. Of these, 13 vulnerabilities are rated Critical, while the remaining 71 are rated Important. It should be noted t[…]
September 2022 Patch Tuesday: One Active Zero-Day and Five Critical CVEs
Microsoft has released 63 security patches for its September 2022 Patch Tuesday rollout. Five vulnerabilities are rated Critical, 57 are rated Important, one is Moderate, and one is rated Low in sever[…]
August 2022 Patch Tuesday: 17 Critical CVEs and Two Zero-Days, One Under Active Exploitation
Microsoft has released 121 security patches for its August 2022 Patch Tuesday rollout. Seventeen vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-[…]
July 2022 Patch Tuesday: Four Critical CVEs and a Zero-Day Bug Under Active Exploitation
Microsoft has released 84 security patches for its July 2022 Patch Tuesday rollout. Four vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-2022-220[…]
June 2022 Patch Tuesday: Three Critical CVEs and a Fix for the Follina Vulnerability
Microsoft has released 55 security patches for its June 2022 Patch Tuesday rollout. Three of the 55 CVEs addressed are rated Critical severity, with CVE-2022-30136 having the highest CVSS score of 9.8[…]
May 2022 Patch Tuesday: Six Critical CVEs Fixed and a Windows Vulnerability Actively Exploited
Microsoft has released 73 security patches for its May Patch Tuesday rollout. One of the 73 CVEs addressed, Windows LSA Spoofing Vulnerability CVE-2022-26925, is ranked as Important and is under activ[…]
April 2022 Patch Tuesday: 10 Critical CVEs, One Zero-Day Under Attack and Wormable Bugs
Microsoft has released 117 security patches for its April Patch Tuesday rollout. Of the 117 CVEs addressed, two are ranked as Important zero-days, including CVE-2022-24521, which is under active explo[…]
March 2022 Patch Tuesday: Critical Microsoft Exchange Bug and Three Zero-day Vulnerabilities
Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulne[…]
February 2022 Patch Tuesday: Windows Kernel Zero-Day and Servicing Stack Updates
Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vuln[…]
January 2022 Patch Tuesday: Multiple Critical Vulnerabilities and Microsoft Exchange Remote Code Execution
Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this […]
December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple cri[…]
November 2021 Patch Tuesday: Two Active Zero-Days and Four Publicly Disclosed CVEs
As the year draws to a close, the active exploitation of Microsoft vulnerabilities continues unabated. Once again, a broad range of Microsoft products are included in this month’s Patch Tuesday update[…]
October 2021 Patch Tuesday: Active Zero-Day Exploit for Windows PC, and Critical CVEs for Hyper-V and Spooler Service
Microsoft has released its October 2021 updates covering a garden variety of vulnerabilities that threat actors can exploit using several attack types, from remote code execution to spoofing to privil[…]
September 2021 Patch Tuesday: A Malicious MSHTML Zero-Day and Ongoing Critical CVEs
Attackers are continually taking advantage of Microsoft products, and this month’s vulnerabilities and subsequent patch updates reflect that reality. One particular zero-day vulnerability, CVE-2021-40[…]
August 2021 Patch Tuesday: Active Exploited Vulnerabilities, Window Print Spooler Updates and More
August’s Patch Tuesday covered less than half as many patched vulnerabilities as July. Two of the vulnerabilities patched this month (CVE-2021-34481 and CVE-2021-36934) were previously disclosed and h[…]
Diving Deep: Analyzing 2021 Patch Tuesday and Out-of-Band Vulnerability Disclosures
Imagine this scenario: Your IT staff, pressed for time, checks for patches once every month after the Microsoft Patch Tuesday release. They spend a few minutes gathering intel and perhaps a few more m[…]
July 2021 Patch Tuesday: Greatest Number of Updates for Ongoing Zero-Day Vulnerabilities Year-to-Date
The month of July 2021 has been particularly challenging for organizations relying on Microsoft products. Along with the ongoing PrintNightmare out-of-band patch bypass situation affecting Windows Pri[…]
June 2021 Patch Tuesday: Six Actively Exploited Zero-Day Vulnerabilities and More Critical CVEs
This month’s patch update covers 50 vulnerabilities, with 6 of them actively exploited - the highest number we’ve seen so far in 2021. Five of these in-the-wild exploits affect default Windows compone[…]
May 2021 Patch Tuesday: Prioritize Critical Remote Code Execution and New Wormable CVEs
Last month, teams participating in a global hacking contest, Pwn2Own, succeeded in exploiting several Microsoft products on the first day of the competition. These Windows products, which include Micr[…]
April 2021 Patch Tuesday: Active Exploits and Another Zero-Day Vulnerability
The year 2021 has required a lot of attention from cyber-savvy Microsoft users so far, considering the quantity and severity of vulnerabilities requiring updates and also the increased urgency to rele[…]
March 2021 Patch Tuesday: More Microsoft Zero-Day Vulnerabilities and More CVEs
In this Microsoft Patch Tuesday update, we discuss several critical vulnerabilities, including a newly released zero-day targeting Internet Explorer that has already seen active exploitation in the wi[…]