Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Adam Nowak  

AUTHOR STATS:

17

Patch Tuesday, January 2017

Update: See below for an update for the upcoming February Patch Tuesday. Microsoft starts off the year with 4 bulletins and continues a long running trend with their products where the majority of bulletins (2) are remote code execution (RCE) followed by an even distribution…

Patch Tuesday, December 2016

December continues a long running trend with Microsoft's products where the majority of bulletins (6) are dominated by remote code execution (RCE) followed by an even distribution of elevation of privilege (3) and information disclosure (3). All of this month's critical bulletins are remote code…

Patch Tuesday, November 2016

November continues a long running trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE), closely followed by elevation of privilege (6) and security feature bypass (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a…

Patch Tuesday, October 2016

October continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of…

Patch Tuesday, September 2016

September continues a long running trend with Microsoft's products where the majority of bulletins (10) address remote code execution (RCE) followed by elevation of privilege (2) and information disclosure (2). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of…

Patch Tuesday, August 2016

August continues an on-going trend with Microsoft's products, the majority of bulletins (5) address remote code execution (RCE) followed by elevation of privilege (2), security feature bypass (1) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a…

Patch Tuesday, July 2016

July continues an on-going trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by information disclosure (2), security feature bypass (2) and elevation of privilege (1). All of this month's 'critical' bulletins are remote code execution vulnerabilities, affecting…

Update Tuesday, June 2016

June continues an on-going trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE) with elevation of privilege as a close second (6); the three address information disclosure (2) and denial of service. All critical bulletins are remote code execution…

Patch Tuesday, May 2016

May continues a long-running trend with Microsoft where the majority of bulletins (10) address remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (2), information disclosure (2) and security feature bypass. All critical bulletins are remote code execution issues affecting a variety of…

Update Tuesday, April 2016

April continues a long-running trend with Microsoft where the majority of bulletins (9) address remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (2), security feature bypass and denial of service (DOS). All critical bulletins are remote code execution issues affecting a variety…

Update Tuesday, March 2016

March continues this quarter's trend with the majority of bulletins (8) addressing remote code execution (RCE) vulnerabilities; the remaining address elevation of privilege (4) and security feature bypass. All of the critical bulletins are remote code execution issues affecting a variety of products and platforms…

Update Tuesday, February 2016

February continues this quarter's trend with the majority of bulletins (7) addressing remote code execution (RCE) vulnerabilities; the remaining 6 evenly address denial of service (DOS) and elevation of privilege. All of the critical bulletins (MS16-009, MS16-011. MS16-012, MS16-013, MS16-015, MS16-022) are remote code execution…

Update Tuesday, January 2016

The year's first release contains 9 bulletins, 7 remote code execution (RCE), an elevation of privilege and spoofing vulnerability. The critical bulletins (MS15-001, MS15-002, MS15-003, MS15-004, MS15-005, MS15-006) are comprised of remote code execution vulnerabilities affecting a variety of products and platforms including Edge, Internet…

Update Tuesday, December 2015

December continues this quarter's trend, 10 bulletins addressing remote code execution (RCE) vulnerabilities, while the remaining two address elevation of privilege. The vulnerabilities affect Internet Explorer (7 and onwards), Edge, Office, Silverlight, VBScript scripting engine and Windows (Vista and onwards). It is advisable for users…

Update Tuesday, November 2015

November sees a mix of remote code execution and elevation of privilege vulnerabilities enabling an attacker to gain the same rights as the user when the victim opens specially crafted content, such as a webpage, journal file or document containing embedded fonts. These vulnerabilities affect…