Wormable Windows HTTP hole – what you need to know
One bug in the January 2022 Patch Tuesday list is getting lots of attention: “HTTP Protocol Stack Remote Code Execution Vulnerability”.
Want to know more about this topic or about us? Contact us!
One bug in the January 2022 Patch Tuesday list is getting lots of attention: “HTTP Protocol Stack Remote Code Execution Vulnerability”.
It was a zero-day bug until Patch Tuesday, now there’s an anyone-can-use-it exploit. Don’t be the one who hasn’t patched.
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won’t be any double overtime!
Bugs! So many bugs! Latest episode – listen now…
by Paul Ducklin As you know, our usual advice for Patch Tuesday boils down to four words, “Patch early, patch often.” There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code . . . Read more
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.
Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020.
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.
The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update. Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited . . . Read more
by Paul Ducklin Here’s the latest episode of our weekly Naked Security Live video series. By the way, if you want to ask questions in real time while we’re online, we’d love you to join in live – just keep an eye on the @NakedSecurity Twitter feed or check our . . . Read more