Exposure Management
May 2024 Patch Tuesday: Two Zero-Days Among 61 Vulnerabilities Addressed
Microsoft has released security updates for 61 vulnerabilities in its May 2024 Patch Tuesday rollout. There are two zero-day vulnerabilities patched, affecting Windows MSHTML (CVE-2024-30040) and Desk[…]
CrowdStrike Named the Only Customers’ Choice in 2024 Gartner® “Voice of the Customer” for External Attack Surface Management
As adversaries become faster and stealthier, they relentlessly search for vulnerable assets to exploit. Meanwhile, your digital footprint is expanding, making it increasingly challenging to keep track[…]
CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the […]
April 2024 Patch Tuesday: Three Critical RCE Vulnerabilities in Microsoft Defender for IoT
Microsoft has released security updates for 150 vulnerabilities in its April 2024 Patch Tuesday rollout, a much larger amount than in recent months. There are three Critical remote code execution vuln[…]
CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified […]
March 2024 Patch Tuesday: Two Critical Bugs Among 60 Vulnerabilities Patched
Microsoft has released security updates for 60 vulnerabilities in its March 2024 Patch Tuesday rollout. There are two Critical vulnerabilities patched (CVE-2024-21407 and CVE-2024-21408), both of whic[…]
CrowdStrike Named the Only Customers' Choice: 2024 Gartner® “Voice of the Customer” for Vulnerability Assessment
It is a common refrain in security circles that "nobody loves their vulnerability management tool." CrowdStrike may have just proved to be the exception. We are proud to announce that CrowdStrike is t[…]
February 2024 Patch Tuesday: Two Zero-Days Amid 73 Vulnerabilities
Microsoft has released security updates for 73 vulnerabilities for its February 2024 Patch Tuesday rollout. These include two actively exploited zero-days (CVE-2024-21412 and CVE-2024-21351), both of […]
January 2024 Patch Tuesday: 49 Vulnerabilities Disclosed on First Patch Tuesday of the Year
In a relatively quiet week for Microsoft Patch Tuesday, the vendor announced 49 vulnerabilities affecting Microsoft products, two of which are critical, and a number of remote code execution (RCE) vul[…]
December 2023 Patch Tuesday: 34 Vulnerabilities Including One Previously Disclosed Zero-Day
Microsoft has released security updates for 34 vulnerabilities, including one previously disclosed zero-day (CVE-2023-20588), a vulnerability affecting Advanced Micro Devices (AMD) processors. Four of[…]
CrowdStrike Discovers Vulnerability in Flexera's FlexNet Inventory Agent (CVE-2023-29082)
CrowdStrike discovered a vulnerability in Flexera's FlexNet Inventory Agent that can be exploited to allow arbitrary code execution and privilege escalation under certain conditions. The vulnerability[…]
November 2023 Patch Tuesday: 58 Vulnerabilities Including Three Actively Exploited Zero-Days
Microsoft has released security updates for 58 vulnerabilities, including five zero-days, three of which are being actively exploited. One of the zero-days (CVE-2023-36025) is a Windows SmartScreen Se[…]
CrowdStrike Named a Leader in Risk-Based Vulnerability Management by IDC MarketScape
At CrowdStrike, we’re on a mission to stop breaches. As adversaries weaponize vulnerabilities with increasing speed, organizations must accelerate their ability to identify security gaps and proactive[…]
Patch Tuesday Turns 20: The Growth and Impact of Microsoft’s Vulnerability Problem
Twenty years ago, Microsoft introduced the concept of Patch Tuesday to “reduce the burden on IT administrators by adding a level of increased predictability and manageability.” The goal of Patch Tuesd[…]
How Well Do You Know Your Attack Surface? Five Tips to Reduce the Risk of Exposure
In an increasingly connected digital landscape, the security of your organization's data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report,[…]
October 2023 Patch Tuesday: 104 Vulnerabilities Including Three Actively Exploited Zero-Days
This month marks the 20th anniversary of Patch Tuesday, and Microsoft has released security updates for 104 vulnerabilities, including three zero-days. One of the zero-days (CVE-2023-41763) is an elev[…]
September 2023 Patch Tuesday: Two Actively Exploited Zero-Days and Five Critical Vulnerabilities Addressed
Microsoft has released security updates for 62 vulnerabilities and two zero-days for its September 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-36802) is an elevation of privilege vulner[…]
New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)
Two new privilege escalation CVEs, CVE-2023-2640 and CVE-2023-32629, have been discovered in the Ubuntu kernel OverlayFS module. The CVEs affect not only any Ubuntu hosts running with vulnerable kerne[…]
Three Ways to Enhance Your Cloud Security with External Attack Surface Management
The IT future is a cloudy one. Organizations are increasingly relying on cloud servers, as today’s IT environments use a combination of public and private clouds alongside on-premise infrastructure. G[…]
August 2023 Patch Tuesday: Two Actively Exploited Zero-Days and Six Critical Vulnerabilities Addressed
Microsoft has released security updates for 76 vulnerabilities and two zero-days for its August 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-38180) is a denial-of-service vulnerability i[…]
July 2023 Patch Tuesday: Six Actively Exploited Zero-Days and Nine Critical Vulnerabilities Identified
Microsoft has released security updates for 131 vulnerabilities and a disclosure for one yet-unpatched vulnerability for its July 2023 Patch Tuesday rollout: 9 are rated as Critical while the remainin[…]
June 2023 Patch Tuesday: 78 Vulnerabilities with 6 Rated Critical and 38 Remote Code Execution
Microsoft has released 78 security patches for its June 2023 Patch Tuesday rollout. Of the vulnerabilities patched today, 6 are classified as Critical and 38 are remote code execution (RCE) flaws. Jun[…]
CrowdStrike Enhances Falcon Discover to Reduce the Attack Surface, Streamline Operations and Lower Costs
CrowdStrike Falcon® Discover delivers deep asset visibility with no hardware to deploy or manage, providing valuable context for all of your assets. For IT and security teams alike, Falcon Discover is[…]
May 2023 Patch Tuesday: Three Zero-Days and Six Critical Vulnerabilities Identified
Microsoft has released patches for 38 vulnerabilities for its May 2023 Patch Tuesday rollout: 6 are rated as Critical while the remaining 32 are rated as Important. Three vulnerabilities are identifie[…]
April 2023 Patch Tuesday: One Zero-Day and Seven Critical Vulnerabilities Identified
Microsoft has released patches for 97 vulnerabilities for its April 2023 Patch Tuesday rollout: 7 are classified as Critical while the remaining 90 are classified as Important. One vulnerability is id[…]
March 2023 Patch Tuesday: 9 Critical CVEs, Including Two Actively Exploited Zero Days
Microsoft has released 80 security patches for its March 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, 70 Important and 1 Moderate. Two actively exploited zero-day vulnerabilities […]
February 2023 Patch Tuesday: 9 Critical CVEs, and 3 Zero Days Being Actively Exploited in the Wild
Microsoft has released 75 security patches for its February 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, and the remaining 66 are rated Important. Three actively exploited vulnera[…]
Exploiting CVE-2021-3490 for Container Escapes
Today, containers are the preferred approach to deploy software or create build environments in CI/CD lifecycles. However, since the emergence of container solutions and environments like Docker and K[…]
January 2023 Patch Tuesday: 98 Vulnerabilities with 11 Rated Critical and 1 Zero-Day Under Active Attack
The first Patch Tuesday of 2023 is starting the year with a large number of bug fixes. Microsoft released 98 security patches for its January 2023 Patch Tuesday rollout, almost double the number relea[…]
Unveiling CrowdStrike Falcon Surface: The Industry’s Most Complete Adversary-Driven External Attack Surface Management (EASM) Technology
Resilient cybersecurity posture can only be achieved with a full understanding of your internal and external attack surface. CrowdStrike Falcon® Surface builds on our award-winning adversary intellige[…]
December 2022 Patch Tuesday: 10 Critical CVEs, One Zero-Day, One Under Active Attack
Microsoft has released 49 security patches for its December 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical, two are rated Medium and the rest are rated Important. DirectX […]
November 2022 Patch Tuesday: 10 Critical CVEs, 6 Zero-Days and the Highly Anticipated ProxyNotShell Patches
Microsoft has released 66 security patches for its November 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical and the remaining 56 are rated Important. It should be noted tha[…]
October 2022 Patch Tuesday: 13 Critical CVEs, One Actively Exploited Bug, ProxyNotShell Still Unpatched
Microsoft has released 84 security patches for its October 2022 Patch Tuesday rollout. Of these, 13 vulnerabilities are rated Critical, while the remaining 71 are rated Important. It should be noted t[…]
September 2022 Patch Tuesday: One Active Zero-Day and Five Critical CVEs
Microsoft has released 63 security patches for its September 2022 Patch Tuesday rollout. Five vulnerabilities are rated Critical, 57 are rated Important, one is Moderate, and one is rated Low in sever[…]
Out of Sight, Out of Mind: Why EASM Is the Foundation of Zero Trust Architecture
A hailed cybersecurity buzzword: Zero Trust was born out of the critical need to modernize outdated IT architecture, which assumes that all assets within an organization — and attached to it — should […]
August 2022 Patch Tuesday: 17 Critical CVEs and Two Zero-Days, One Under Active Exploitation
Microsoft has released 121 security patches for its August 2022 Patch Tuesday rollout. Seventeen vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-[…]
The Risks of Expired SSL Certificates
SSL certificates grant authentication to your websites or domains and are critical for ensuring proper encryption of internet traffic and verified server identity. Without these certificates, end user[…]
July 2022 Patch Tuesday: Four Critical CVEs and a Zero-Day Bug Under Active Exploitation
Microsoft has released 84 security patches for its July 2022 Patch Tuesday rollout. Four vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-2022-220[…]
June 2022 Patch Tuesday: Three Critical CVEs and a Fix for the Follina Vulnerability
Microsoft has released 55 security patches for its June 2022 Patch Tuesday rollout. Three of the 55 CVEs addressed are rated Critical severity, with CVE-2022-30136 having the highest CVSS score of 9.8[…]
CrowdStrike Falcon Protects Customers from Follina (CVE-2022-30190)
On May 27, 2022, a remote code execution vulnerability was reported affecting the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability, which is classified as a zero-day, can be invoked […]
May 2022 Patch Tuesday: Six Critical CVEs Fixed and a Windows Vulnerability Actively Exploited
Microsoft has released 73 security patches for its May Patch Tuesday rollout. One of the 73 CVEs addressed, Windows LSA Spoofing Vulnerability CVE-2022-26925, is ranked as Important and is under activ[…]
CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation
CVE-2022-23648, reported by Google’s Project Zero in November 2021, is a Kubernetes runtime vulnerability found in Containerd, a popular Kubernetes runtime. It lies in Containerd’s CRI plugin that han[…]
CrowdStrike Falcon® Spotlight Fuses Endpoint Data with CISA's Known Exploited Vulnerabilities Catalog
In this blog you will: Learn how to leverage the CrowdStrike Falcon® Spotlight™ integrated threat and vulnerability management module to fuse your endpoint telemetry with CISA's Known Exploited Vulner[…]
April 2022 Patch Tuesday: 10 Critical CVEs, One Zero-Day Under Attack and Wormable Bugs
Microsoft has released 117 security patches for its April Patch Tuesday rollout. Of the 117 CVEs addressed, two are ranked as Important zero-days, including CVE-2022-24521, which is under active explo[…]
cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)
CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerabilit[…]
March 2022 Patch Tuesday: Critical Microsoft Exchange Bug and Three Zero-day Vulnerabilities
Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulne[…]
CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility
Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign wit[…]
February 2022 Patch Tuesday: Windows Kernel Zero-Day and Servicing Stack Updates
Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vuln[…]
Hunting pwnkit Local Privilege Escalation in Linux (CVE-2021-4034)
In November 2021, a vulnerability was discovered in a ubiquitous Linux module named Polkit. Developed by Red Hat, Polkit facilitates the communication between privileged and unprivileged processes on […]
January 2022 Patch Tuesday: Multiple Critical Vulnerabilities and Microsoft Exchange Remote Code Execution
Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this […]
December 2021 Patch Tuesday: AppX Installer Zero-day, Multiple Critical Vulnerabilities
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple cri[…]
Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)
Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting[…]
Falcon Spotlight ExPRT.AI Aids Federal Agencies in Meeting CISA Mandate
The Cybersecurity and Infrastructure Security Agency (CISA) issued a mandate on November 2, 2021, for all U.S. federal agencies to fix hundreds of known vulnerabilities. Binding Operational Directive […]
November 2021 Patch Tuesday: Two Active Zero-Days and Four Publicly Disclosed CVEs
As the year draws to a close, the active exploitation of Microsoft vulnerabilities continues unabated. Once again, a broad range of Microsoft products are included in this month’s Patch Tuesday update[…]
October 2021 Patch Tuesday: Active Zero-Day Exploit for Windows PC, and Critical CVEs for Hyper-V and Spooler Service
Microsoft has released its October 2021 updates covering a garden variety of vulnerabilities that threat actors can exploit using several attack types, from remote code execution to spoofing to privil[…]
Falcon Spotlight Is Changing the Game: Vulnerability Management With Ever-Adapting AI
This announcement is part of the Fal.Con 2021 CrowdStrike Cybersecurity Conference, Oct. 12-14. Register now for free to learn all about our other exciting new products and partnerships! SecOps has a […]
September 2021 Patch Tuesday: A Malicious MSHTML Zero-Day and Ongoing Critical CVEs
Attackers are continually taking advantage of Microsoft products, and this month’s vulnerabilities and subsequent patch updates reflect that reality. One particular zero-day vulnerability, CVE-2021-40[…]
August 2021 Patch Tuesday: Active Exploited Vulnerabilities, Window Print Spooler Updates and More
August’s Patch Tuesday covered less than half as many patched vulnerabilities as July. Two of the vulnerabilities patched this month (CVE-2021-34481 and CVE-2021-36934) were previously disclosed and h[…]
Diving Deep: Analyzing 2021 Patch Tuesday and Out-of-Band Vulnerability Disclosures
Imagine this scenario: Your IT staff, pressed for time, checks for patches once every month after the Microsoft Patch Tuesday release. They spend a few minutes gathering intel and perhaps a few more m[…]
July 2021 Patch Tuesday: Greatest Number of Updates for Ongoing Zero-Day Vulnerabilities Year-to-Date
The month of July 2021 has been particularly challenging for organizations relying on Microsoft products. Along with the ongoing PrintNightmare out-of-band patch bypass situation affecting Windows Pri[…]
Microsoft's Incomplete Patch: Ongoing PrintNightmare for CVE-2021-1675, CVE-2021-34527
As part of June’s Patch Tuesday, an update for CVE-2021-1675 “Windows Print Spooler Remote Code Execution Vulnerability” was published. However, weeks later, researchers uncovered that the CVE-2021-16[…]
June 2021 Patch Tuesday: Six Actively Exploited Zero-Day Vulnerabilities and More Critical CVEs
This month’s patch update covers 50 vulnerabilities, with 6 of them actively exploited - the highest number we’ve seen so far in 2021. Five of these in-the-wild exploits affect default Windows compone[…]
CrowdStrike Falcon® Detects Kernel Attacks Exploiting Vulnerable Dell Driver (CVE-2021-21551)
Vulnerabilities in the kernel mode component have serious implications on endpoint security. Operating systems and independent software vendors have been improving the security of code for years, but […]
May 2021 Patch Tuesday: Prioritize Critical Remote Code Execution and New Wormable CVEs
Last month, teams participating in a global hacking contest, Pwn2Own, succeeded in exploiting several Microsoft products on the first day of the competition. These Windows products, which include Micr[…]
Defense Is Still the Best Offense: Why Continuous Vulnerability Management Is Essential
The threat landscape is constantly evolving, with an increase in incidents and breaches being reported rapidly across industries. In 2020, the number of data breaches soared from a decade ago, accordi[…]
April 2021 Patch Tuesday: Active Exploits and Another Zero-Day Vulnerability
The year 2021 has required a lot of attention from cyber-savvy Microsoft users so far, considering the quantity and severity of vulnerabilities requiring updates and also the increased urgency to rele[…]
Vulnerability Roundup: 10 Critical CVEs of 2020
One lesson from 2020 is clear: Patching security holes must be a high priority for security operations teams throughout this year and beyond. While the newest vulnerabilities often get the most media […]
March 2021 Patch Tuesday: More Microsoft Zero-Day Vulnerabilities and More CVEs
In this Microsoft Patch Tuesday update, we discuss several critical vulnerabilities, including a newly released zero-day targeting Internet Explorer that has already seen active exploitation in the wi[…]
February 2021 Patch Tuesday: Updates for Zerologon and Notable CVE-2021-1732
While the total number of patches Microsoft delivered in its "Patch Tuesday" update this month is lower than usual, it included some sorely needed fixes -- including one that addresses Zerologon, a vu[…]
How to Stay Cyber Aware of Weaknesses and Vulnerabilities in Your Environment
Identifying and remediating vulnerabilities is a fundamental step toward creating a secure IT environment. Building a successful vulnerability management program, however, requires more than just tech[…]
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM[…]
Active Directory Open to More NTLM Attacks: Drop The MIC 2 (CVE 2019-1166) and Exploiting LMv2 Clients (CVE-2019-1338)
This blog was originally published on October 8, 2019. On October 8, 2019, aka Patch Tuesday, Microsoft released patches for CVE 2019-1166 and CVE-2019-1338 — two important vulnerabilities discovered […]
Integer Overflow in Active Directory (CVE-2020-1267)
This blog was originally published on July 14, 2020. On July 14, 2020 Patch Tuesday, Microsoft released a patch for CVE-2020-1267, an important vulnerability in the Active Directory (AD) identity stor[…]
Custom Dashboard Offers Greater Visibility for Zerologon Vulnerability
A serious and potentially dire patch warning has been issued by the Department of Homeland Security (DHS) advisory team, the Cybersecurity and Infrastructure Security Agency (CISA). The alert, labeled[…]
CVE-2014-1761 - The Alley of Compromise
A significant fraction of targeted attacks involve spear phishing emails with malicious lure documents that, when opened, exploit a vulnerability in the document viewer application to invoke a backdoo[…]