3 min
脆弱性管理
补丁星期二- 2020年1月
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour
[http://twitter.com/wdormann/status/1216763957446422528] that Microsoft would
be fixing a severe vulnerability in a fundamental cryptographic library. It
turns out that the issue in question is indeed serious, and was reported to
微软由美国国家安全局:CVE-2020-0601
[http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601]
is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC)
c
2 min
Patch Tuesday
补丁星期二- 2019年12月
Today we come to the end of 2019's monthly Microsoft Patch Tuesday
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec]
(也被称为周二更新). 今年圣诞节,微软给我们带来了36个
vulnerabilities (that's two less than this time last year!) and no new
Adobe针对Adobe Flash的漏洞.
Unfortunately, despite a light month, there's still action to be taken.
CVE-2019-1458
[http://portal.msrc.microsoft.com/en-US/security-guidance/advis
3 min
Patch Tuesday
补丁星期二- 2019年11月
November's Patch Tuesday is upon us and, this month, Microsoft addressed 74
vulnerabilities of which one Internet Explorer vulnerability (CVE-2019-1429
[http://portal.msrc.microsoft.com/en - us/security guidance/advisory/cve - 2019 - 1429)
)已被积极开发. 通过优先考虑发布的内容
Microsoft Windows and Internet Explorer patches, the door to 58 of the 74
漏洞将被关闭. 而且,已经连续两个月了
补丁周二看到一个缺席的安全更新
2 min
Patch Tuesday
补丁星期二- 2019年10月
这个月的补丁星期二
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573]
is mainly notable in that there isn't a whole lot to note, which is a change of
pace. No 0-days, no vulnerabilities that had been publicly disclosed already,
没有任何东西可以让蠕虫繁殖. Adobe也没有
[http://helpx.adobe.com/security.html]. 当然,这并不意味着有
无能为力:微软仍然发布了59个CVE
2 min
Patch Tuesday
补丁星期二- 2019年9月
今天微软发布了修复程序
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573]
for 79 separate security flaws, affecting products across much of their
portfolio. Two of these have been seen exploited in the wild: CVE-2019-1214
[http://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1214]
和cve - 2019 - 1215
[http://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1215]
都是特权吗?
2 min
Patch Tuesday
补丁星期二- 2019年8月
首先是今天补丁星期二的大新闻
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d]
: Microsoft has fixed four new Remote Desktop Services (RDS) vulnerabilities,
让人想起蓝堡
[/2019/07/31/bluekeep-cve-2019-0708-for-windows-rdp-what-you-need-to-know/]
脆弱性(cve - 2019 - 0708
[http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708]
),去年5月打过补丁. CVE-2019-11
2 min
Patch Tuesday
补丁星期二- 2019年7月
Patch Tuesday for July 2019 is on the heavier side as far as they go, with
微软修复77个漏洞
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573]
in total. 微软也发布了一份公告
[http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190021]
describing a
cross-site scripting vulnerability in the on-premise edition of Outlook for web
(previously known as Outlook Web App), but instead of
2 min
Patch Tuesday
补丁星期二- 2019年6月
Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88
vulnerabilities
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573]
这是今年以来的最高数字. 这个月似乎没有什么是“令人讨厌的”
蓝堡[http://www ..28277cc.com/db/?q=CVE-2019-0708]漏洞已修复
in May, and none of them have been seen exploited in the wild. However, four
elevation of privilege vulnerabilities had been previo
3 min
Patch Tuesday
补丁星期二- 2019年5月
Hot on the heels of several Apple security advisories
[http://support.apple.com/en-us/HT201222] on Monday, May's Patch Tuesday sees
微软修复了近80个漏洞
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d]
across their product line, some of them very serious indeed, and Adobe address
在acrobatreader中超过80
[http://helpx.adobe.com/security/products/acrobat/apsb19-18.html] alone. A fix
对于一个关键的远程鳕鱼
2 min
Patch Tuesday
补丁星期二- 2019年4月
今天的微软更新
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/18306ed5-1019-e911-a98b-000d3a33a34d]
resolve over 70 vulnerabilities, most of which affect the Windows operating
system itself. Two of the vulnerabilities are already being exploited in the
wild. cve - 2019 - 0803
[http://portal.msrc.microsoft.com/en - us/security guidance/advisory/cve - 2019 0803]
和cve - 2019 - 0859
[http://portal.msrc.microsoft.com/en - us/security guidance/advisory/cve - 2019 0
3 min
Patch Tuesday
补丁星期二- 2019年3月
今天微软发布了更新
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ac45e477-1019-e911-a98b-000d3a33a34d]
解决了60多个不同的漏洞. 像往常一样,Windows、网页浏览器、
和SharePoint Server均受影响. Office相对容易受到影响
仅修复了一个漏洞(CVE-2019-0748)
[http://portal.msrc.microsoft.com/en - us/security guidance/advisory/cve - 2019 0748]
, a remote code execution (RCE) vulnerability in the Acces
2 min
Patch Tuesday
补丁星期二- 2019年2月
Microsoft got back in the swing of things today after a couple of relatively
有70多个独立的cve
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/51503ac5-e6d2-e811-a983-000d3a33c573]
being addressed.
The usual suspects got patches, including Windows, Office, Browsers (including
Adobe Flash
[http://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003]),
.NET Framework, SharePoint, Exchange, and another slew of JET Database Engi
2 min
Patch Tuesday
补丁星期二- 2019年1月
微软今年的第一次更新
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573]
address 49 separate vulnerabilities, which is on the low side relatively
speaking. We're also getting rare respite from Flash vulnerabilities (although
Adobe published
[http://helpx.adobe.com/security/products/flash-player/apsb19-01.html] a
"security bulletin" for Flash today, the new version does not actually contain
任何安全修复). It's
5 min
Haxmas
HaXmas评论:12个补丁周二补丁
Another year, another 701 patched Microsoft vulnerabilities: just a 2% increase from 2017's count of 686.
2 min
Patch Tuesday
补丁星期二- 2018年12月
这是最后一个补丁星期二了
[http://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c54acc6-2ed2-e811-a980-000d3a33a34d]
of 2018! As is often the case in December, it's a relatively light one with
"only" 38 CVEs. (Every other month in 2018 clocked in with at least 50 patched
vulnerabilities.)这是对两个Adobe Flash cve的补充
[http://helpx.adobe.com/security/products/flash-player/apsb18-42.html] that were
patched out-of-band last week, due to a remote code ex