Falcon Exposure Management Team

Microsoft has released security updates for 61 vulnerabilities in its May 2024 Patch Tuesday rollout. There are two zero-day vulnerabilities patched, affecting Windows MSHTML (CVE-2024-30040) and Desk[…]

UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the […]

Microsoft has released security updates for 150 vulnerabilities in its April 2024 Patch Tuesday rollout, a much larger amount than in recent months. There are three Critical remote code execution vuln[…]

Microsoft has released security updates for 60 vulnerabilities in its March 2024 Patch Tuesday rollout. There are two Critical vulnerabilities patched (CVE-2024-21407 and CVE-2024-21408), both of whic[…]

Microsoft has released security updates for 73 vulnerabilities for its February 2024 Patch Tuesday rollout. These include two actively exploited zero-days (CVE-2024-21412 and CVE-2024-21351), both of […]

In a relatively quiet week for Microsoft Patch Tuesday, the vendor announced 49 vulnerabilities affecting Microsoft products, two of which are critical, and a number of remote code execution (RCE) vul[…]

Microsoft has released security updates for 34 vulnerabilities, including one previously disclosed zero-day (CVE-2023-20588), a vulnerability affecting Advanced Micro Devices (AMD) processors. Four of[…]

Microsoft has released security updates for 58 vulnerabilities, including five zero-days, three of which are being actively exploited. One of the zero-days (CVE-2023-36025) is a Windows SmartScreen Se[…]

This month marks the 20th anniversary of Patch Tuesday, and Microsoft has released security updates for 104 vulnerabilities, including three zero-days. One of the zero-days (CVE-2023-41763) is an elev[…]

Microsoft has released security updates for 62 vulnerabilities and two zero-days for its September 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-36802) is an elevation of privilege vulner[…]

Microsoft has released security updates for 76 vulnerabilities and two zero-days for its August 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-38180) is a denial-of-service vulnerability i[…]

Microsoft has released security updates for 131 vulnerabilities and a disclosure for one yet-unpatched vulnerability for its July 2023 Patch Tuesday rollout: 9 are rated as Critical while the remainin[…]

Microsoft has released 78 security patches for its June 2023 Patch Tuesday rollout. Of the vulnerabilities patched today, 6 are classified as Critical and 38 are remote code execution (RCE) flaws. Jun[…]

Microsoft has released patches for 38 vulnerabilities for its May 2023 Patch Tuesday rollout: 6 are rated as Critical while the remaining 32 are rated as Important. Three vulnerabilities are identifie[…]

Microsoft has released patches for 97 vulnerabilities for its April 2023 Patch Tuesday rollout: 7 are classified as Critical while the remaining 90 are classified as Important. One vulnerability is id[…]

Microsoft has released 80 security patches for its March 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, 70 Important and 1 Moderate. Two actively exploited zero-day vulnerabilities […]

Microsoft has released 75 security patches for its February 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, and the remaining 66 are rated Important. Three actively exploited vulnera[…]

The first Patch Tuesday of 2023 is starting the year with a large number of bug fixes. Microsoft released 98 security patches for its January 2023 Patch Tuesday rollout, almost double the number relea[…]

Microsoft has released 49 security patches for its December 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical, two are rated Medium and the rest are rated Important. DirectX […]

Microsoft has released 66 security patches for its November 2022 Patch Tuesday rollout. Of these, 10 vulnerabilities are rated Critical and the remaining 56 are rated Important. It should be noted tha[…]

Microsoft has released 84 security patches for its October 2022 Patch Tuesday rollout. Of these, 13 vulnerabilities are rated Critical, while the remaining 71 are rated Important. It should be noted t[…]

Microsoft has released 63 security patches for its September 2022 Patch Tuesday rollout. Five vulnerabilities are rated Critical, 57 are rated Important, one is Moderate, and one is rated Low in sever[…]

Microsoft has released 121 security patches for its August 2022 Patch Tuesday rollout. Seventeen vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-[…]

Microsoft has released 84 security patches for its July 2022 Patch Tuesday rollout. Four vulnerabilities are rated Critical in severity and the rest are classified as Important, with one (CVE-2022-220[…]

Microsoft has released 55 security patches for its June 2022 Patch Tuesday rollout. Three of the 55 CVEs addressed are rated Critical severity, with CVE-2022-30136 having the highest CVSS score of 9.8[…]

Microsoft has released 73 security patches for its May Patch Tuesday rollout. One of the 73 CVEs addressed, Windows LSA Spoofing Vulnerability CVE-2022-26925, is ranked as Important and is under activ[…]

Microsoft has released 117 security patches for its April Patch Tuesday rollout. Of the 117 CVEs addressed, two are ranked as Important zero-days, including CVE-2022-24521, which is under active explo[…]

Microsoft has released 71 security patches for its March Patch Tuesday rollout. Of the 71 CVEs addressed, three are ranked as Important zero-days. This month the quantity of patches for Critical vulne[…]

Microsoft has released 48 security patches for its February Patch Tuesday rollout. None are considered Critical or known to have been actively exploited. CVE-2022-21989, a publicly known zero-day vuln[…]

Kicking off the first Patch Tuesday of 2022, CrowdStrike continues to provide research and analysis regarding critically rated vulnerabilities and the subsequent patches offered by Microsoft. In this […]

It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple cri[…]

As the year draws to a close, the active exploitation of Microsoft vulnerabilities continues unabated. Once again, a broad range of Microsoft products are included in this month’s Patch Tuesday update[…]

Microsoft has released its October 2021 updates covering a garden variety of vulnerabilities that threat actors can exploit using several attack types, from remote code execution to spoofing to privil[…]

Attackers are continually taking advantage of Microsoft products, and this month’s vulnerabilities and subsequent patch updates reflect that reality. One particular zero-day vulnerability, CVE-2021-40[…]

August’s Patch Tuesday covered less than half as many patched vulnerabilities as July. Two of the vulnerabilities patched this month (CVE-2021-34481 and CVE-2021-36934) were previously disclosed and h[…]

Imagine this scenario: Your IT staff, pressed for time, checks for patches once every month after the Microsoft Patch Tuesday release. They spend a few minutes gathering intel and perhaps a few more m[…]

The month of July 2021 has been particularly challenging for organizations relying on Microsoft products. Along with the ongoing PrintNightmare out-of-band patch bypass situation affecting Windows Pri[…]

This month’s patch update covers 50 vulnerabilities, with 6 of them actively exploited - the highest number we’ve seen so far in 2021. Five of these in-the-wild exploits affect default Windows compone[…]

Last month, teams participating in a global hacking contest, Pwn2Own, succeeded in exploiting several Microsoft products on the first day of the competition. These Windows products, which include Micr[…]

The year 2021 has required a lot of attention from cyber-savvy Microsoft users so far, considering the quantity and severity of vulnerabilities requiring updates and also the increased urgency to rele[…]

In this Microsoft Patch Tuesday update, we discuss several critical vulnerabilities, including a newly released zero-day targeting Internet Explorer that has already seen active exploitation in the wi[…]