Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities.
So far this month, Microsoft has already provided patches to address one browser vulnerability and around a dozen vulnerabilities in open source products, which are not included in the Patch Tuesday count above.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bluetooth flaws allow attackers to impersonate legitimate devices
May 24, 2021
Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks. The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable ...
- Apple patches macOS flaw exploited by malware to secretly snap screenshots
May 24, 2021
Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims’ Macs. The security flaw can also be potentially abused to access files and record video and audio from the computer. The iGiant has also released iOS and iPadOS 14.6, which fixes 43 CVE-listed security flaws and adding ...
- Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners
May 21, 2021
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything else: it’s too difficult to pull off during an actual flight, and it’s rare these days ...
- Open Source Vulnerabilities Converging DevOps & SecOps
May 20, 2021
Workplace evolution is in favor of traditional siloes being torn down and replaced with increased cross-functional collaboration, working in lockstep to deliver better outcomes. But it is not as easy as it sounds. Security and development teams have historically worked in siloes, which has created a long- standing disconnect between them. Both teams are responsible for ...
- Hackers scan for vulnerable devices minutes after bug disclosure
May 19, 2021
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. The adversaries’ efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure. Read more… Source: Bleeping Computer
- Windows PoC Exploit Released for Wormable RCE
May 19, 2021
A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch Tuesday update. This was the most severe bug in that batch: an http.sys ...