Microsoft tops last month’s record with 622 Patch Tuesday CVEs


Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high.

Redmond’s Patch Tuesday release is once again one for the record books, with everything under the sun getting some security fixes – including 428 non-Microsoft Chromium CVEs affecting Edge that aren’t included in that 622 count. Fifty-eight of those are critical, two are under active exploit, and one has already been publicly disclosed, meaning it could join those other two in short order.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild

    July 11, 2023

    Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year. The company released details of more than 130 vulnerabilities, the most in a month since April 2022, 10 of which are considered to be critical. The remaining vulnerabilities are “important.” Read more… Source: Talos  

  • Attackers Exploit Unpatched Windows Zero-Day Vulnerability

    July 11, 2023

    A zero-day vulnerability (CVE-2023-36884) affecting Microsoft Windows and Office products is being exploited by attackers in the wild. To date, the exploit has been used in highly targeted attacks against organizations in the government and defense sectors in Europe and North America. The vulnerability was disclosed yesterday (July 11) by Microsoft, which said that an attacker ...

  • Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now

    July 4, 2023

    Hundreds of thousands of FortiGate firewalls are yet to be patched against a flaw being actively used in the wild, experts have revealed. Cybersecurity researchers from Bishop Fox recently used the Shodan.io search engine for internet-connected devices to look for servers with HTTPS responses that suggested the software was outdated. The results brought back almost 490,000 ...

  • CISA Releases Nine Industrial Control Systems Advisories

    June 29, 2023

    CISA released nine Industrial Control Systems (ICS) advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric EcoStruxure ICSA-23-180-03 Ovarro TBox RTUs Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • CISA Adds Five Known Exploited Vulnerabilities to Catalog

    June 23, 2023

    CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Apple Releases Security Updates for Multiple Products

    June 22, 2023

    Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. watchOS 8.8.1 macOS Big Sur 11.7.8 macOS Monterey 12.6.7 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency