Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. In all, Microsoft released patches for 110 security holes, 19 classified critical in severity and 88 considered important. The most dire of those flaws disclosed is arguably a … Continue reading Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities. Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated 9.8 in severity out of 10, could allow unauthenticated remote users to hijack targeted equipment … Continue reading Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

SonicWall released patch for actively exploited SMA 100 zero-day

SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances. The vulnerability, tracked as CVE-2021-20016, has been rated as critical and … Continue reading SonicWall released patch for actively exploited SMA 100 zero-day

Google fixes Chrome zero-day actively exploited in the wild

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement reads. This version is rolling out … Continue reading Google fixes Chrome zero-day actively exploited in the wild

Windows 7 and Server 2008 zero-day bug gets a free patch

An unpatched local privilege escalation (LPE) vulnerability affecting all Windows 7 and Server 2008 R2 devices received a free and temporary fix today through the 0patch platform. The zero-day bug affects all impacted devices, enrolled in Microsoft's Extended Security Updates (ESU) program or not until the company will release its own security updates to ESU … Continue reading Windows 7 and Server 2008 zero-day bug gets a free patch