Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities.
So far this month, Microsoft has already provided patches to address one browser vulnerability and around a dozen vulnerabilities in open source products, which are not included in the Patch Tuesday count above.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Attack Surface Management 2022 Midyear Review – Part 3
November 3, 2022
With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, Trend Micro researchers discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, Trend Micro researchers talk ...
- Gregor Samsa: Exploiting Java’s XML Signature Verification
November 2, 2022
XML Signatures are a typical example of a security protocol invented in the early 2000’s. They suffer from high complexity, a large attack surface and a wealth of configurable features that can weaken or break its security guarantees in surprising ways. Modern usage of XML signatures is mostly restricted to somewhat obscure protocols and legacy ...
- OpenSSL downgrades horror bug after week of panic, hype
November 1, 2022
OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week. After days of speculation, infosec professionals and armchair bug hunters received more of a trick than a treat on November 1: two CVE-tagged security issues, both rated “high” severity, to patch. One flaw was earlier rated “critical,” though it has ...
- CISA Releases One Industrial Control Systems Advisory
November 1, 2022
CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) Read more… Source: U.S. Cybersecurity and Infrastructure ...
- Actively exploited Windows MoTW zero-day gets unofficial patch
October 30, 2022
A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11. Last weekend, BleepingComputer reported that threat actors were using stand-alone JavaScript files to install the Magniber ransomware on victims’ devices. When a user downloads a file from ...
- Attack Surface Management 2022 Midyear Review – Part 2
October 27, 2022
The cybersecurity landscape changed significantly in the first half of 2022. In our midyear roundup, Trend Micro researchers examine these changes and their effects on business operations as well as what you need to know about staying protected from online attacks. In part one of the series, Trend Micro researchers talked about the growing attack surface ...