ALL POSTS

Key Findings Microsoft released security updates to address 59 vulnerabilities, including 6 that are actively being exploited in the wild. Of the 59 flaws, 5 are rated Critical, 52 are rated Important, and 2 are rated Moderate in severity. 25 of the patched vulnerabilities are privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). The 6 actively e

Key Findings Microsoft released security updates to address 58 new vulnerabilities across Windows, Office, Azure, Edge, Exchange, Hyper-V, and other components. The update includes fixes for 6 zero-day vulnerabilities that are being actively exploited in the wild. 5 of the vulnerabilities were rated as "Critical" by Microsoft. Several vulnerabilities affect high-profile targets like GitHub Copilot, IDEs, and Azure cloud services. Background This month's Patch Tuesday from Mic

Key Findings Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa

Key Findings Microsoft released its January 2026 security update, addressing 112 vulnerabilities, including 8 critical flaws One of the "important" vulnerabilities, CVE-2026-20805, is being exploited in the wild 6 out of the 8 critical vulnerabilities are remote code execution (RCE) affecting Windows services and Microsoft Office The remaining 2 critical vulnerabilities are elevation of privilege (EoP) affecting Windows Graphic Component and Windows Virtualization-Based Secur

Key Findings Microsoft released 57 vulnerabilities in the December 2025 Patch Tuesday, including 2 "critical" and the rest "important" Microsoft assessed that exploitation of the 2 "critical" vulnerabilities is "less likely" Cisco Talos is releasing new Snort rules to detect attempts to exploit some of the disclosed vulnerabilities Background This month's Patch Tuesday addresses a range of vulnerabilities, including: CVE-2025-62562: Microsoft Outlook remote code execution vul

Key Findings Microsoft released its November 2025 Patch Tuesday, addressing a total of 68 vulnerabilities, including a high-priority zero-day flaw already being actively exploited in the wild. The most urgent patch is for CVE-2025-62215, a Windows Kernel Elevation of Privilege Vulnerability that allows an authenticated attacker to gain SYSTEM privileges. In addition to the zero-day, four other flaws have been rated as Critical severity, posing a significant risk of Remote Cod