CVE-2022-26937

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so t...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus many more flaws. And Adobe, Android, SAP join the bug-squashing frenzy

Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That's seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code. After April's astonishing 100-plus vulnerabilities, May's patching event seems tame by comparison. However, "this month makes up for it in severity and infrastructure ...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Follina was all very exciting, but did you patch CVE-2022-30136? What do you want The Register to do for you?

Trend Micro Research has published an anatomy of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June (you do keep your patches up to date, don't you?) but the research makes for interesting reading both in terms of the vulnerability itself and the potential for exploitation. The vulnerability was contained within the Windows Network Filing System (NFS) and was due to improper handling of...