CISA: Patch These Bugs Now
CISA is giving federal agencies between two weeks and six months to patch known exploited vulnerabilities.
CISA is giving federal agencies between two weeks and six months to patch known exploited vulnerabilities.
Microsoft fixed last week's MSHTML zero day - a vulnerability it confirmed was being exploited in the wild - in this month's Patch Tuesday round of updates.
The vulnerability, which has been exploited in the wild, can be triggered without the victim clicking anything.
There's no patch yet but Microsoft has released a workaround to mitigate the latest zero day, a vulnerability announced this week in WIndows 10 and Windows Server.
CISA is urging organizations to patch the vulnerabilities in Exchange Server as soon as possible to prevent the spread ransomware and attackers who have been dropping web shells.
A vulnerability found in some routers and modems could make the devices vulnerable to authentication bypass and in turn, allow attackers access to sensitive information.
Microsoft fixed 50 vulnerabilities this week, including six zero days in Windows components currently being exploited in the wild.
The bugs, discovered by the NSA, "could allow persistent access and control of enterprise networks."
The annual hacking competition will see 23 attempts against operating systems, virtualization software, and browsers.
APT groups increasingly targeted CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591 last month.