Microsoft tops last month’s record with 622 Patch Tuesday CVEs


Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high.

Redmond’s Patch Tuesday release is once again one for the record books, with everything under the sun getting some security fixes – including 428 non-Microsoft Chromium CVEs affecting Edge that aren’t included in that 622 count. Fifty-eight of those are critical, two are under active exploit, and one has already been publicly disclosed, meaning it could join those other two in short order.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • New ZHtrap botnet malware deploys honeypots to find more targets

    March 12, 2021

    A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect. The malware, dubbed ZHtrap by the 360 Netlab security researchers who spotted it, is loosely based on Mirai’s source code, and it comes with support for x86, ARM, MIPS, and other ...

  • Security and Privacy of COVID-19 Contact-Tracing Apps

    March 12, 2021

    Symantec analyzed the top 25 COVID-19 national contact-tracing apps to see which follow security and privacy best practices. Unfortunately, in this new COVID-19 era it’s not just our computers we have to protect from infection, but also ourselves and our loved ones. Along with social distancing, wearing a mask, and washing our hands, technology is also ...

  • Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors

    March 11, 2021

    Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group. Hafnium is a group of cyberattackers originating from China. The collective recently came into the spotlight due to Microsoft linking them to recent attacks exploiting four zero-day vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — in Microsoft Exchange Server. Microsoft ...

  • Microsoft Exchange Servers Face APT Attack Tsunami

    March 11, 2021

    Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions ...

  • F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws

    March 11, 2021

    F5 Networks has pushed out patches to tackle four critical vulnerabilities in BIG-IP, one of which can be exploited for unauthenticated remote code execution (RCE) attacks. The enterprise networking provider’s BIG-IP applications are enterprise-grade, modular software suites designed for data and app delivery, load balancing, traffic management, and other business functions. F5 says that 48 out of ...

  • Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

    March 8, 2021

    Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies. According to researchers, at least 2,500 ...