Patch Tuesday Webinar Series

Here in the Midwest US, we have a saying about March, “In like a lion, out like a lamb.” This is in reference to the month starting with strong winter weather and letting off as the month progresses. In fact, we just had a blizzard that dropped 9-12 inches of snow across most of the region overnight, but a week later I see grass and sunny skies and have shed the winter coat!

At first glance, March Patch Tuesday looks like a lamb, but this lamb might have the teeth of a lion. The standard lineup of updates resolves 57 CVEs across the Windows OS, Office, .Net and Visual Studio, with a couple of Azure component updates in the mix. Google Chrome updated in the lead up to Patch Tuesday (March 10 update), and Adobe released seven updates, including Adobe Acrobat and Acrobat Reader.

February Patch Tuesday is ramping up with releases from Adobe and Microsoft and an expected release from Google. Adobe resolved 45 CVEs across seven updates. The largest and highest priority is Adobe Commerce, which resolves 30 CVEs. Microsoft is coming down off a huge January release and only resolved 56 new CVEs this February. There are two new zero-day exploits and a revised Secure Boot zero-day in the mix, making the Windows OS a top priority this month.

Microsoft has released updates resolving 159 unique CVEs for January. Amongst the lineup are three Zero-Day Exploits and five Publicly Disclosed vulnerabilities. Adobe resolved 14 critical CVEs and Google resolved 13 CVEs in Chrome. Oracle updates will be available in the coming week, all to keep you on your toes this January!

Microsoft has released updates for December 2024. The release looks pretty straight forward. Microsoft resolved 71 new CVEs affecting Windows OS, Office, Sharepoint, System Center Operations Monitor, Defender and a Microsoft AI project called Muzic. A Third-party update from Adobe rounds out the month, but the lineup is pretty light from a security perspective. Priority wise the top priority for December is the Windows OS update, which accounts for 58 CVEs including all 16 Critical and the one Known Exploited CVE.

The top priority for the November 2024 Patch Tuesday is the Windows OS update to resolve two known exploited CVEs (CVE-2024-49039 and CVE-2024-43451).

For organizations running Microsoft Exchange Server you will also want to prioritize this month’s Exchange Server update which resolves a Publicly Disclosed vulnerability (CVE-2024-49040) which included proof-of-concept exploit code making it a much more likely risk that threat actors will take advantage and target this vulnerability.

October is Cybersecurity Awareness Month! What better way to stay cyber-aware than to read up on the latest security updates hitting the market. Microsoft released updates for Windows, Office, .Net and several Azure services resolving a total of 117 new CVEs. There are two Zero-Day Exploits both of which have also been publicly disclosed. In addition, there are three more CVEs that have been publicly disclosed, but no reports of exploitation.

Additional security updates from Google and Zoom released, but the top priority will be the Windows OS update this month which addresses both zero-day exploits that Microsoft resolved.

September’s Patch Tuesday brings updates from Microsoft, Adobe and Ivanti. Microsoft has released updates for the Windows OS, Office, Sharepoint, SQL Server and several Azure services and components. Adobe released updates for several products including Adobe Acrobat and Reader. Ivanti has also released updates for three products.

Out of these releases, the highest priorities this month are going to be to address zero-day vulnerabilities in the Windows OS and Office.

The Patch Tuesday lineup for August 2024 brings the typical lineup from Microsoft, an Adobe Acrobat and Reader update and an anticipated update for Google Chrome. Ivanti has some additional security updates to add to the mix this month.