tldrdailynews.com logo
Tag

Patch Management

All articles tagged with #patch management

CISA orders patch for Windows zero-click flaw tied to NTLM hash leaks
technology28 days ago

CISA orders patch for Windows zero-click flaw tied to NTLM hash leaks

CISA has added CVE-2026-32202 to the Known Exploited Vulnerabilities list and ordered U.S. federal agencies to patch Windows endpoints and servers by May 12 under Binding Operational Directive (BOD) 22-01. The flaw is described as a zero-click NTLM hash-leak vulnerability that can be exploited in pass-the-hash attacks and may stem from an incomplete fix for CVE-2026-21510, which APT28-linked actors used in attacks against Ukraine and EU targets. Microsoft also flagged the vulnerability as exploited in the wild, and security teams are urged to apply vendor mitigations or discontinue the product if mitigations aren’t available. The alert comes as three other Windows flaws (BlueHammer, RedSun, UnDefend) are also being actively exploited to gain SYSTEM or higher privileges.

via BleepingComputer|
#cisa#cybersecurity#patch-management
Mythos AI Triggers Cross-Sector Push to Guard Infrastructure
technology1 month ago

Mythos AI Triggers Cross-Sector Push to Guard Infrastructure

Anthropic’s Mythos AI, rolled out to a select group of firms, accelerates vulnerability detection and patching, raising alarms that rapid, cross‑sector coordination between governments and business is needed to defend critical infrastructure like hospitals, banks and utilities from new threats and potential autonomous attack agents while managing patch downtime.

via Financial Times|
#anthropic#critical-infrastructure#cyber-security
Microsoft patches critical ASP.NET Core data-protection flaw to curb cookie forgery
security1 month ago

Microsoft patches critical ASP.NET Core data-protection flaw to curb cookie forgery

Microsoft released out-of-band security updates for a critical ASP.NET Core Data Protection vulnerability (CVE-2026-40372) that could let unauthenticated attackers forge authentication cookies and gain SYSTEM privileges. The flaw comes from a regression in the 10.0.0–10.0.6 NuGet packages, which could cause forged payloads to bypass authenticity checks; upgrading to 10.0.7 and redeploying with a rotated DataProtection key ring fixes the issue. This follows April’s Patch Tuesday and includes additional out-of-band Windows Server fixes. No service disruption is reported, but applications using DataProtection should update promptly to prevent token forgery and data exposure.

via BleepingComputer|
#aspnet-core#cve-2026-40372#data-protection
CISA Flags Exploited Windows Task Host Flaw Elevating Privileges
security1 month ago

CISA Flags Exploited Windows Task Host Flaw Elevating Privileges

CISA has labeled CVE-2025-60710 a actively exploited Windows Task Host privilege-escalation flaw, urging all organizations to patch within two weeks under Binding Operational Directive 22-01. The link-following vulnerability affects Windows 11 and Windows Server 2025 and can be exploited by users with basic permissions to gain SYSTEM-level control; Microsoft patched the issue in November 2025, but Microsoft’s advisory has not yet confirmed active exploitation, so defenders should apply vendor mitigations or discontinue the affected component per CISA guidance.

via BleepingComputer|
#cisa#cve-2025-60710#patch-management
Feds told to patch BeyondTrust flaw within 3 days after active exploitation
technology3 months ago

Feds told to patch BeyondTrust flaw within 3 days after active exploitation

CISA ordered Federal civilian agencies to patch BeyondTrust Remote Support and Privileged Remote Access within three days after CVE-2026-1731, a remote code execution flaw that’s been actively exploited. SaaS instances were patched by BeyondTrust on Feb 2, 2026, but on-premise deployments require manual updates. Exploitation can allow unauthenticated remote code execution, risking system compromise, data exfiltration, and service disruption. Threat intel reports active exploitation and about 11,000 exposed instances (roughly 8,500 on‑premises). The agency added the CVE to its Known Exploited Vulnerabilities catalog and urged mitigations or discontinuation per vendor guidance under BOD 22-01.

via BleepingComputer|
#beyondtrust#cybersecurity#government
CISA orders urgent patch for actively exploited SCCM flaw
security3 months ago

CISA orders urgent patch for actively exploited SCCM flaw

CISA directed federal agencies to patch CVE-2024-43468, a SQL injection flaw in Microsoft Configuration Manager (SCCM) that is now being actively exploited in attacks. The vulnerability was patched by Microsoft in October 2024, but exploitation was later shown in PoC code, and CISA warns that unpatched systems pose significant risk. Agencies must apply mitigations by March 5 under BOD 22-01, and CISA recommends that organizations outside federal use vendor guidance to secure affected systems as soon as possible.

via BleepingComputer|
#cisa#cve-2024-43468#cybersecurity
Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch
technology3 months ago

Critical pre-auth RCE in BeyondTrust remote-support tools prompts urgent patch

BeyondTrust warns of CVE-2026-1731, a pre-auth remote code execution flaw in Remote Support (RS) 25.3.1 and Privileged Remote Access (PRA) 24.3.4 and earlier, allowing unauthenticated attackers to run OS commands; patches are available by upgrading to RS 25.3.2+ and PRA 25.1.1+ (or enabling automatic updates). Cloud systems have been secured; about 11,000 instances are exposed online, with roughly 8,500 on-premises potentially vulnerable if not patched; no active exploitation is reported yet.

via BleepingComputer|
#enterprise-security#patch-management#remote-code-execution
Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued
security3 months ago

Ivanti EPMM hit by two critical zero-days, with patches and risk guidance issued

Ivanti disclosed two critical RCE zero-day flaws in Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340) exploited in the wild at a limited number of customers. Both flaws score 9.8 and can run arbitrary code remotely without authentication. Ivanti released RPM-based mitigations for affected EPMM versions, noting no downtime is required but hotfixes must be reapplied after any version upgrade; a permanent fix arrives with EPMM 12.8.0.0 in Q1 2026. Exploitation can reveal administrator and user data, device details, and location (if enabled), and attackers could alter configurations via the API or web console. Defenders can detect activity via a specific Apache access-log regex, though logs can be altered by attackers. Recovery guidance includes restoring from a known-good backup or rebuilding, resetting local and service accounts' passwords, rotating certificates, and reviewing Sentry logs. CISA has added CVE-2026-1281 to KEV; federal agencies must patch or decommission affected systems by Feb 1, 2026.

via BleepingComputer|
#epmm#ivanti#patch-management
Over 46,000 Grafana Instances Vulnerable to Account Takeover
technology11 months ago

Over 46,000 Grafana Instances Vulnerable to Account Takeover

Over 46,000 Grafana instances remain unpatched despite a critical vulnerability (CVE-2025-4123) that allows attackers to execute malicious plugins and hijack accounts through a client-side open redirect flaw. The vulnerability, discovered by Alvaro Balada and addressed in May, affects multiple versions, but many remain vulnerable, posing a significant security risk. Upgrading to the latest secure versions is recommended to mitigate potential exploits.

via BleepingComputer|
#account-takeover#cve-2025-4123#grafana
"Cisco Patches Critical Vulnerability in Unity Connection Software"
cybersecurity2 years ago

"Cisco Patches Critical Vulnerability in Unity Connection Software"

Cisco has released software updates to fix a critical vulnerability (CVE-2024-20272) in its Unity Connection software that could allow attackers to execute arbitrary commands on the system. The flaw, discovered by security researcher Maxim Suslov, affects versions 12.5 and earlier, as well as version 14. Users are advised to update to the fixed versions to mitigate potential threats. Additionally, Cisco has addressed 11 medium-severity vulnerabilities in its software, but will not release a fix for a command injection bug in WAP371 due to end-of-life status, recommending customers to migrate to the Cisco Business 240AC Access Point.

via The Hacker News|
#cisco#cve-2024-20272#cybersecurity
"CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset"
cybersecurity2 years ago

"CISA Identifies High-Severity Exploited Vulnerabilities in Apple, Apache, Adobe, D-Link, Joomla, and Apache Superset"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six known exploited vulnerabilities, including high-severity flaws affecting Apple, Apache, Adobe, D-Link, and Joomla, with evidence of active exploitation. These vulnerabilities pose risks such as remote code execution and improper access control. CISA has urged federal agencies to apply patches to secure their networks against these active threats by January 29, 2024.

via The Hacker News|
#cisa#cybersecurity#exploitation