Microsoft has blocked Secure Boot mitigations for the BlackLotus (CVE-2023-24932) vulnerability on some PCs. The block affects Windows Server 2012 and 2012 R2 systems due to incompatibilities with TPM
Security patch RSS
Microsoft released patches for a couple of Kerberos authentication vulnerabilities tracked under CVE-2024-26248 and CVE-2024-29056. Details about its enforcement timeline have been shared.
Nearly all motherboard makes were found vulnerable to the LogoFAIL security flaw at the end of last year. And at long last, AMD's vendor partners are finally beginning to roll out patched firmware.
Microsoft has released a new update for Edge 123 in the Stable Channel. Version 123.0.2420.81 is now available for download with security patches for three Chromium and two Edge vulnerabilities.
_medium.jpg)
Microsoft, in January, alerted about a security flaw that bypasses BitLocker. The company has now made some slight tweaks to a PowerShell script it published that helps patch the vulnerability.
Microsoft released a security fix for a Group Policy-related vulnerability for the oldest Windows 10 version recently. The patch should be will be deployed via the RSAT Server tool.
Microsoft has addressed a security vulnerability that can lead to BitLocker Secure Boot bypass on both Windows 10 and 11. Alongside that, the company has also detailed how to resize the WinRE space.
Microsoft released Windows security updates for Windows 11 as well as 10 this week via Patch Tuesday. It also rolled out security fixes for Office 2013/2016 that resolve spoofing and more such flaws.
Google has released an emergency security update, which fixes a new Chrome zero-day security vulnerability. The new firmware is rolling out to users in the Stable and Extended stable channel.
Microsoft's August 2023 Exchange Server security update (SUs) had major issues, so much so that the tech giant had to pull the updates. The issue has been resolved with re-published SUs.
_medium.jpg)
Microsoft recently began patching UEFI bootkit vulnerabilities with this month's Patch Tuesday update. The company has now released a helpful guide about blocking such Windows boot managers.
Microsoft has issued PowerShell scripts for multiple security vulnerabilities on Windows 11 and Windows 10. These are for speculative side channel attack CPU flaws, thirteen in total.
Microsoft and Intel released updated mitigations of MMIO security flaw last month for several Windows 10, Windows 11 and Server versions. For the remaining, the updated files are now available.
Microsoft has issued an update today about the third phase security hardening changes deployment for Windows Server Kerberos protocol. These changes are meant to patch a major security flaw.
Microsoft has issued a reminder today about the third phase security hardening changes deployment for Windows Server Kerberos protocol. These changes are meant to patch a major security flaw.
Microsoft, today, has released additional helpful resources regarding DCOM hardening, which has been in place since 2021. This comes a month after the company issued a reminder about the changes.
_medium.jpg)
Microsoft has released a couple of PowerShell scripts to address a BitLocker bypass security vulnerability issue. In its bulletin, the company has explained the differences between the two scripts.
Nvidia has released a couple of drivers today for Kepler-based GeForce GTX 600 and 700 series cards. However, these drivers are not your usual Game Ready drivers but are important security updates.
ESET has discovered another set of security vulnerabilities on Windows 11 and 10 Lenovo laptops. These allow attackers to disable Secure Boot. A list of vulnerable device models has been published.
Windows 7 and Server 2008 R2 extended security updates are bound to cease in 2023 and 2024, respectively. The 0patch team aims to take Microsoft's place in updating these unofficially.
AMD's Zen 4 has been tested with the various Spectre variant mitigations and the performance is surprisingly good. In fact, overall, the Ryzen 7950X has managed to beat the unpatched system.
Today, Microsoft has issued important security fixes to address DoS vulnerabilities affecting .NET Core and Visual Studio. The patches are available via .NET 6.0.9 and .NET Core 3.1.29.
Apple has sent out iOS and iPadOS 15.7, and macOS 12.6. These contain security patches that are already in iOS 16. Apple has two reasons for seeding incremental updates alongside latest versions.
HP has warned that it has discovered a new high severity privilege escalation vulnerability inside its own Support Assistant software utility. The company has also issued a fix for the security flaw.
With Patch Tuesday recently, Microsoft released the KB5012170 update which adds new vulnerable UEFI signatures to the Secure Boot DBX. The newly added signatures are related to the GRUB vulnerability.
_medium.jpg)
Following the recent Follina security vulnerability, another Microsoft Support Diagnostic Tool (MSDT) bug has been found called "DogWalk". This one too has been ignored by Microsoft at first glance.
Nvidia has released a couple of drivers today for Kepler-based GeForce GTX 600 and 700 series cards. However, these drivers are not your usual Game Ready drivers but are important security updates.
Nearly all Android smartphones and devices packing MediaTek or Qualcomm with a Security Patch dated prior to December 2021 remain vulnerable to an RCE security bug that can allow eavesdropping.
Several popular Lenovo consumer models, including IdeaPad, Legion, and more, have been found to be vulnerable to UEFI firmware security bugs. The vulnerabilities can lead to privilege of escalation.
Latest Microsoft Edge 99 and Chrome 99 stable releases bring important fixes for several security vulnerabilities. The security flaws include privilege escalation, use after free, among others.
Testing the new retpoline mitigation on AMD for Spectre v2 shows that the performance loss with the new patch is nowhere nearly as big as the performance impact incurred by Intel processors.
Intel and ARM are vulnerable to the Spectre-BHB flaw, but AMD is apparently troubled by Spectre v2, which it should have fixed back in 2018. AMD has now issued a new fix for the CVE-2017-5715 bug.
A new CPU exploit based on the infamous Spectre v2 has been discovered. However, when the security patch is applied it can affect performance by up to 36%, that's according to a recent study.
Microsoft has shed more light on how it has reduced the size of Windows 11 updates by 40% by utilizing a new approach to patching which uses mapping tables to observe the delta in code updates.
In Germany it is already confirmed to be rolling out to the device a month after it received the One Ui 3.1 and feature updates for the camera, to bring it closer to the features of the S21 series.
The July 2020 Android security patch is being rolled out to the Huawei Mate 20 and Mate 20 Pro smartphones running EMUI 10.1. Those units running EMUI 10.0 have the June 2020 security patch.
Samsung has started rolling out the August security patch for the Galaxy S10 series in Germany. The company has once again managed to beat Google's Pixel lineup in terms of security patch rollouts.
Google has started rolling out the May 2020 security patch for all the compatible and supported Pixel phones. This includes the Pixel 4 series, the Pixel 3a, and the Pixel 2 and Pixel 3 XL.
Samsung has started rolling out the May 2020 security patch for the Galaxy S20 and the Galaxy Fold. The update for the Galaxy Fold also brings many of the Galaxy S20 camera features to the device.
Google has started rolling out the February 2020 security patch for the Pixel family of devices. Apart from patching vulnerabilities, the update also fixes a number of bugs found on the Pixel 4.
