Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Microsoft  

12 Days of HaXmas: MS14-068, now in Metasploit!

This post is the first in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements in the Metasploit Framework over the course of 2014. Hello everyone and Happy HaXmas! In November of 2014, a really interesting vulnerability…

Patch Tuesday - December 2014

December's advanced Patch Tuesday brings us seven advisories, three of which are listed as Critical.  Depending on how you want to count it, we see a total of 24 or 25 CVEs because one of the Internet Explorer CVEs in MS14-080 overlaps with the…

October Patch Tuesday + Sandworm

Microsoft is back in fine form this month with eight upcoming advisories affecting Internet Explorer, the entire Microsoft range of supported operating systems, plus Office, Sharepoint Server and a very specific add on module to their development tools called “ASP .NET MVC”. …

Patch Tuesday - September 2014

It's a light round of Microsoft Patching this month.  Only four advisories, of which only one is critical.  The sole critical issue this month is the expected Internet Explorer roll up affecting all supported (and likely some unsupported) versions.  This IE roll…

August Patch Tuesday

Microsoft clearly wants everyone to shake off the dog days of summer and pay attention to patching.  This month's advance notice contains nine advisories spanning a range of MSFT products.  We have the ubiquitous Internet Explorer all supported versions patch (MS14-051), with the…

Patch Tuesday, June 2014

Patch Tuesday, June 2014 delivers seven advisories, of them, two critical, five important – one of which is the seldom seen “tampering” type.The remarkable item in this month's advisories is MS14-035, the Internet Explorer patch affecting all supported versions.  That in…

Patch Tuesday, May 2014 - Lots going on

There is a lot going on in the updates from Microsoft this month, including some very interesting and long time coming changes. Also, it's the highest volume of advisories so far this year, with eight dropping on us, two of which are labelled as critical.…

It's the end of XP as we know it, April Patch Tuesday 2014, and, oh yeah... heartbleed.

So this is it, the last hurrah for the once beloved XP, the last kick at the can for patching up the old boat.  Sure, by today's standards it's a leaky, indefensible, liability, but… hey, do you even remember Windows 98?  Or…

Patch Tuesday - March 2014

Microsoft's March Patch Tuesday again came in on the lighter side of some months.  This continues the 2014 trend of smaller Patch Tuesdays.  We only see 2 issues that are critical/remote code execution, one of which is the usual IE (MS14-012), the…

Patch Tuesday - February 2014, also, say "buh-bye" to MD5

This was a fairly novel Patch Tuesday (calling it interesting might be too strong a word for Patch Tuesday, unless you work in vulnerability management and geek out on these things - in which case, I thought it was interesting).At first take, it looked…

December 2013 Patch Tuesday

One more go around the block for 2013 and like the last, late tropical storm of the season, Microsoft is taking one last swipe and security and IT teams alike. This Patch Tuesday features a solid 11 advisories affecting 6 different product types. …

Patch Tuesday October 2013

It's been an interesting month for the Microsoft Security watchers of the world. If your job depends on securing systems running Windows, you should be eagerly awaiting the patch for the Internet Explorer (IE) 0-day (CVE-2013-3893: SetMouseCapture Use-After-Free) vulnerability in today's Patch Tuesday (MS13-080). Exploitation…

Patch Tuesday, Sept 2013

September's Patch Tuesday is live! The 14 bulletins predicted were cut to 13, with the .NET patch landing on the cutting room floor. A patch getting pulled after the advance notice is up usually indicates that late testing revealed an undesired interaction with another product…

August Patch Tuesday

Oh noes! Fire! Look out! Run in circles, scream and shout! There's a remotely exploitable, publicly disclosed, critical remote code execution vulnerability in Microsoft Exchange (MS13-061)! Prepare for the end of teh interwebs. But wait, is it really remotely exploitable? Well, not in the sense…

Patch Tuesday - July Edition!

This month's patch Tuesday the polar opposite of last month's ho-hum, here-we-go-again-with-the-patches exercise. There are 7 advisories and 6 of those are critical issues allowing remote code execution. Basically everything in the core Microsoft world is affected by one or more of these, every supported…