Help Net Security newsletters: Latest news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft Windows
How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)

CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky …

Patch Tuesday
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 …

Windows Server
Windows Server 2025 gets hotpatching option, without reboots

Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. …

Microsoft Windows
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A …

Microsoft Crowdstrike
Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update

By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for …

Windows
A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for …

patch tuesday
November 2023 Patch Tuesday forecast: Year 21 begins

The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed …

certificate
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)

Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker …

Patch Tuesday
Microsoft patches Windows flaw exploited in the wild (CVE-2022-41033)

October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has …

patch
August 2022 Patch Tuesday forecast: Printers again?

July 2022 Patch Tuesday came and went quietly as expected. Microsoft addressed 40 CVEs in Windows 11 and 46 CVEs in the Windows 10 set of updates. It was a little unusual …

Patch Tuesday
Microsoft fixes Follina and 55 other CVEs

June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft …

biohazard
Qbot – known channel for ransomware – delivered via phishing and Follina exploit

More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the …

Don't miss

Cybersecurity news