Patch Tuesday

Today, the second Tuesday of May, is Microsoft’s Patch Tuesday. This month’s patch release includes fixes for 55 CVEs – 50 classified as Important, one moderate, and four marked as critical. Microsoft also patched three zero-day vulnerabilities that were publicly disclosed but not yet exploited at the time of this release. The 55 fixes touch on various Microsoft products and services, including Exchange Server, Skype for Business, Visual Studio, MS Office, .NET Core, SharePoint Server, and Hyper-V. Along with May’s patch cycle, Microsoft also rolled out cumulative updates for all supported versions of Windows. The freshly updated Windows 10 OS builds 19041.895 and 19042.895 mostly feature enhanced security for Windows System Core Components, browsers, and other basic functions, plus a couple of new peripheral drivers and UI elements. Let’s get back to the security flaws addressed in this month’s patch dump.

Microsoft Patch Tuesday started early this month with an out-of-band patch release on March 2. This week’s batch fixes a total of 89 CVEs; among these are the seven out-of-band fixes from last week, ten ‘critical’ fixes, and 72 marked as ‘important.’ Two of the patches address separate zero-day vulnerabilities, one of which had already been exploited in the wild. This month’s patches cover a wide range of Microsoft products and services, including Azure, Office products, and Windows internet browsers.

Microsoft just rolled out its monthly patches and updates in what has now become known as Microsoft Patch Tuesday. On February 9, Microsoft released fixes for 56 security flaws, including a zero-day vulnerability that had already been exploited in the wild.

Microsoft rolled out its monthly set of security updates. The security patches bundle included fixes for 83 vulnerabilities on Windows operating system, enterprise servers, development tools, and various cloud products and services. Among these patches, ten were described as critical, and one of the most important patches was the fix for Microsoft Defender Remote Code Execution Vulnerability – a zero-day vulnerability that Microsoft said was exploited in the wild before the patch was released.