Security Update
Juniper patches critical auth bypass in Session Smart routers
Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. The security flaw (tracked as CVE-2025-21589) was found during internal product security testing, and it also affects Session Smart Conductor and WAN Assurance Managed Routers. “An Authentication Bypass Using an Alternate Path or Channel […]
Windows 10 KB5051974 update force installs new Microsoft Outlook app
Microsoft has released the KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windows app and fixes a memory leak bug. The Windows 10 KB5051974 update is mandatory as it contains Microsoft’s January 2025 Patch Tuesday security updates. Windows users can install this update by going into Settings, clicking on Windows […]
Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
Today is Microsoft’s February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: The above numbers do not include a critical […]
Microsoft shares workaround for Windows security update issues
Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. As the company explained when it acknowledged the bug in December, it only occurs when installing Windows 11 from CDs and USB flash drives that also install the October 2024 or […]
Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. Emergency mitigations (also known as EEMS mitigations) are delivered via the Exchange Emergency Mitigation Service(EEMS), introduced three years ago in September 2021. EEMS automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws […]
Windows 10 KB5049981 update released with new BYOVD blocklist
Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. The Windows 10 KB5049981 update is mandatory as it contains Microsoft’s January 2025 Patch Tuesday security updates. Windows users can install this update by going into Settings, clicking […]
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
Today is Microsoft’s January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also fixes twelve “Critical” vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws. The number of bugs in each vulnerability category is listed below: To learn more […]
Windows 11 installation media bug causes security update failures
Microsoft is warning of an issue when using a media support to install Windows 11, version 24H2, that causes the operating system to not accept further security updates. The problem occurs when using CD and USB flash drives to install Windows 11 version with security updates released between October 8 and November 12. “When using media to […]
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. “Adobe is […]
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully […]