Skip to main content

Patch Tuesday

Breathe easy knowing we've got you covered with Patch Tuesday news and remediation recommendations every month!

  • 231 Topics
  • 230 Replies
231 Topics
S
SophiaAXCommunity Manager
posted in Patch Tuesday
57 Vulnerabilities in March 2025 Patch Tuesday

March already and our third Patch Tuesday of the year with 57 new vulnerabilities!We think you should pay special attention to: Chromium Vulnerabilities March’s release includes several vulnerabilities in Chromium-based browsers like Microsoft Edge. These issues, including use-after-free vulnerabilities in browser profiles, allow attackers to bypass browser sandboxing, exfiltrate data, or spoof identities. Microsoft Management Console Remote Code Execution Vulnerability CVE 2024-26633 is an RCE vulnerability in the MMC. An attacker can exploit this weakness by tricking a user into opening a malicious MMC file, typically distributed through phishing emails or compromised USB drives. Windows NTFS Remote Code Execution Vulnerability CVE 2024-24993 targets an information disclosure vulnerability within Windows NTFS. An attacker can potentially exploit this issue by prompting users to mount a specially crafted VHD.You can read a more in depth analysis here or listen to our Patch Tuesday pod

120
S
S
SophiaAXCommunity Manager
posted in Patch Tuesday
89 vulnerabilities released, and 1 Zero-Day for November 2024 Patch Tuesday

89 vulnerabilities released, and 1 Zero-Day for this Patch Tuesday! You can tune into our Patch Tuesday podcast or read our analysis here. We recommend you pay special attention to: NTLM Hash Disclosure Spoofing Vulnerability This vulnerability is confirmed and exploitation has been detected. The only current remediation is an official fix. Prioritize patching this vulnerability to prevent unauthorized access. Microsoft Defender for Endpoint Remote Code Execution Vulnerability An attacker could exploit this by sending a malicious link via email or instant messaging. Once clicked, the attack unfolds without requiring further interaction from you. In addition to immediate patching, it is recommended to enhance your email filters and educate users about the dangers of unsolicited links. Windows Task Scheduler Elevation of Privilege Vulnerability To mitigate this vulnerability, patching is your most effective strategy. Microsoft has acknowledged the existence of functional exploit code for

190
S
T
thetech207Rookie
asked in Patch Tuesday
Windows 11 and WSUS

Patching related, but not Automox specific.Still testing Windows 11 in our environment before starting to upgrade Windows 10 endpoints and we are running out of time. The only issue we have been having is Windows 11 machines don’t seem to want to play nice with WSUS. At best I can get maybe one monthly CU to apply via WSUS, but then, never again. Any other type of update will apply, just never the monthly CU. I even replaced the WSUS server...same problem.These same machines will patch with Ivanti SC and Automox, just not WSUS. I’ve tried everything I can think of...anyone having the same issue? Anyone have a potential solution?

620
T
E
eturner22Rookie
asked in Patch Tuesday
Windows Server 2022 patching issues

We are running into issues within our environment with inconsistencies in Automox detecting patches for Windows Server 2022.  We use WSUS and have not had issues approving the updates through WSUS and having servers recognize updates on the servers themselves, but within Automox there is no evidence of any patches available to install. We have had issues with it showing patches available when the Groups are pointed to WSUS as well as directly out to Windows Update. Curious if anyone else has had issues with Server 2022 Patches through Automox. 

1361
K
A
AOkanovicNovice
asked in Patch Tuesday
Has anyone else run into the -2145124318 error message during Windows Cumulative Updates?

I’ve noticed some hosts, especially most of our Windows 11 Enterprise endpoints, will run into an error when trying to apply the monthly Microsoft Cumulative update. The error is a bit unusual, and I haven’t been able to find much on it while researching. The error doesn’t seem to be tied to any Windows Update service/connectivity issues. What is also weirder, is that these Windows 11 hosts report successfully installing this update the first night they try to update, but then the days after get this error. I’ve seen this error on some Windows 10 hosts, but mainly on Windows 11. It seems to point to the update not being compatible with something on the operating system in some weird way. Anyone else seen this before? InstallMSUpdates : Download failed with ResultCode 4 and HResult -2145124318At C:\Program Files (x86)\Automox\execDir135760191\execcmd584584594.ps1:1826 char:21At C:\Program Files (x86)\Automox\execDir135760191\execcmd584584594.ps1:1826 char:21+                     Install

5412
A
L
Landon-AutomoxAutomox Employee
posted in Patch Tuesday
61 Vulnerabilities, and a Chrome Zero Day | May 2024 Patch Tuesday

This month's Patch Tuesday brings 61 vulnerabilities with 1 critical! (89 less CVE’s than last month!)Two particularly alarming CVEs to watch out for: CVE 2024-30033 Windows Search Service Elevation of Privilege Vulnerability [Important] Allows attackers to gain elevated privileges due to a flaw in Windows Search Service. This flaw exists due to improper handling of permissions by the service, which could be exploited to perform unauthorized actions on the system. CVE 2024-30018 Windows Kernel Elevation of Privilege Vulnerability [Important] This issue arises from specific flaws in how the kernel operates, which can be exploited to gain higher levels of access than originally allowed And make sure you've patched the Chrome use-after-free Zero-Day (CVE 2024-4671) that was released on Friday! Listen to the Automox Patch Tuesday podcast or read the blog for more on Patch Tuesday.

570
L
sparrowhawk
sparrowhawkNovice
asked in Patch Tuesday
Managing 'stale' MS Teams installs under Windows

We use Tenable.io for vulnerability scanning and it has flagged a number of Windows endpoints that have old versions of Teams installed. I was puzzled by this as Automox patches Teams, and it turns out that because we’re using the machine wide installer, the Teams application is being installed into the user’s Appdata directory. This will only get updated if the user logs in but we don’t regularly log in with some accounts.I’ve read suggested fixes including:Create a GPO that deletes old accounts from the machines. This is problematic for us IT admins. Remove the machine wide installer so that Teams is not automatically installed when a user first logs in.Has anyone found a way to resolve this using Automox? I’d be interested to learn how others have resolved this. TIA

55510
S
S
SophiaAXCommunity Manager
posted in Patch Tuesday
150 Vulnerabilities and a Zero-Day Demand Immediate Patching | April 2024 Patch Tuesday

This month's release comes with a notable increase in the number of Common Vulnerabilities and Exposures (CVEs) addressed, marking it as one of the most significant Patch Tuesdays in the past year and a half. Be sure to give the Patch [Fix] Tuesday podcast a listen! Also available on your favorite podcast platform! If you have any thoughts or experiences to share, drop them here for our hosts to see! 

230
S
R
rscottRookie
asked in Patch Tuesday
Ubuntu ARM support ?

Are there any plans to support ARM ubuntu builds? We’d like to start using them on AWS, but lack of Automox support is the only thing stopping us.

1173
T
S
SophiaAXCommunity Manager
posted in Patch Tuesday
February Patch Tuesday: 73 Vulnerabilities and 2 Zero-Days

Listen to our podcast on this month's release with mitigation tips and custom automations for remediation. Or read here! Releases we think you should pay extra attention to: CVE-2024-21401: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability [Important] This elevation of privilege vulnerability could allow an unauthenticated attacker to manipulate the plugin's configuration, leading to unauthorized access. CVE-2024-21351: Windows SmartScreen Security Feature Bypass Vulnerability [Moderate] It's been revealed that an attacker could potentially bypass this check to execute untrusted files without prompting the user — a clear-cut reminder of the vital role SmartScreen and similar protective measures play in maintaining system integrity.

380
S
J
jwebsterRookie
asked in Patch Tuesday
2024-01 Windows KB5034441

What’s everyone doing in regards to the issue with KB5034441? Not feasible in a large environment to change the recovery partition size, and Microsoft is reportedly working on a fix, but no timeline. We have 599 impacted assets with only 70 updated. Majority of those are attempting to patch and users getting Automox restart prompts daily.I’m going to ignore for now, but was curious what others were doing to deal with this.

4061
M
S
SophiaAXCommunity Manager
posted in Patch Tuesday
High-severity Kerberos and BitLocker Vulnerabilities | Patch Tuesday January 2024

This month we're looking at 49 vulnerabilities with 2 critical!We believe you should pay special attention to: CVE-2024-20674 - Windows Kerberos Security Feature Bypass Vulnerability [Critical] CVE-2024-20666 - BitLocker Security Feature Bypass Vulnerability [Important] Listen to our Patch Tuesday podcast or read through our analysis of the two vulnerabilities above.Here’s a sneak peek at the latest podcast episode!

720
S
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Linux Patch Installaion

Hi Team,In our environment, we have requirement to install patch for Linux server and PCs. Do we have Linux Update categorization like security, critical? If so, what is the recommendation to patch? Can you pls let me know if we can patch the 3rd party S/w updates for Linux OS? If yes, can you please provide the list of S/w that we can install on it? Also, let us know which policy is best to use in this scenario?Can we use single policy for installing patch for both regular and 3rd Party updates? Thanks,Shoaib

681
jack.smith
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Policy Creation

Hi,We are managing Windows OS, macOS & Linux OS so, can we use a single policy to install updates for all 3 OS?What is the best practice to use either single policy and assigning Win OS, macOS & Linux OS groups or separate policy for Win OS, macOS & Linux OS is required? Also, which policy is the best to install updates for windows, macOS & Linux OS?Thanks,Shoaib 

1392
M
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Software Installation (WinodwsOS)

Hi Team,We have a request to install only patches that are related to Security, Critical and Defender Updates and we have to exclude Updates like Feature Updates, Upgrades, Tools Updates for Windows OS.Can you please recommend which Policy and how the settings should be configured if we need to exclude Feature Updates, Upgrades, Tools Updates and patch only Security Update, critical and Defender Updates for Windows OS?Also, let me know if we have certain KB that are specifically used to install excluded Updates?Thanks,Shoaib

582
M
M
MD Shoaib PashaNovice
asked in Patch Tuesday
macOS Security and Critical updates.

Hi Team,In our environment, we have requirement to install only Security, Critical Updates & 3rd party Updates for macOS. Can you please let us know how we can make sure we are specifically installing only Security, Critical and 3rd party S/W updates? Do we require separate policy for installing 3rd party updates or by using single Policy we can install all 3 categories. Below is the list of updates that we want to exclude from patching:Feature Packs Tools Update Rollups UpgradesAlso, let us know which policy is best to use in this scenario.Thanks,Shoaib

752
M
S
SophiaAXCommunity Manager
published in Patch Tuesday
December 2023 Patch Tuesday: only 34 vulnerabilities for our last Patch Tuesday of the year!

What we found interesting:1. CVE-2023-35618 - Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityThis vulnerability is a security flaw that can potentially allow an attacker to escape the browser's sandbox. The sandbox is a security mechanism that isolates running programs, limiting their access to system resources and preventing them from causing damage.2. CVE-2023-35628 - Windows MSHTML Platform Remote Code Execution VulnerabilityOne of the major threats with this vulnerability is the fact that it doesn't require any user interaction to be exploited. 3. macOS Sonoma 14.1.2 - Memory Corruption VulnerabilityThe macOS Sonoma 14.1.2 update addressed a significant memory corruption vulnerability within WebKit, which was reported to have been exploited against older versions of iOS. The Automox team talks through this Patch Tuesday in our podcast. Or if you haven't hopped on the podcast train yet, read more in our blog post. 

460
S
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Software Inventory filtering in Policy

Hi Team,In our environment, we have requirement to install only Security, Critical Updates & 3rd party Updates for Windows. Can you please let us know how we can make sure we are specifically installing only Security, Critical and 3rd party S/W updates? Below is the below list of updates that we want to exclude from patching:Feature Packs Tools Update Rollups UpgradesAlso, let us know which policy is best to use in this scenario.Thanks,Shoaib

310
M
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Supported 3rd party Software for Linux OS

Hi Team,Does Automox supports 3rd party S/w updates for Linux? if yes, can you please provide list of Supported 3rd party Software for Linux OS? I have found an article where it means any third-party package that is part of Device Package manager is supported not others? if so, can you please elaborate in detail?  

441
M
S
SophiaAXCommunity Manager
posted in Patch Tuesday
Nov 2023 Patch Tuesday: 1 Zero Day, 75 Vulnerabilities, and a new Podcast with Mitigation Tips

Boom! And just like that, November's Patch Tuesday has rolled around again. While this Patch Tuesday is less of a heavy hitter than last month's, we still have one Zero-Day and 75 vulnerabilities.Be sure to check out our first-ever Patch [FIX] Tuesday podcast (available here, or wherever you get your podcasts) for mitigation tips from Jason Kikta and Tom Bowyer!  

360
S
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Patch Scheduling date\time

Hi Team,We have two patching group for PC name Pilot PC and Prod. Just wanted to know what the best practice is install the updated-on Pilot and Prod PC’s?Need to know how frequently we are patching Pilot and Prod group with Data and time.Thanks,Shoaib 

360
M
M
MD Shoaib PashaNovice
asked in Patch Tuesday
Why do we need to open port 80 all inbound/outbound for *.digicert.com

Hi Team,Wanted to know why port 80 has been used for *.digicert.com and *.digicertcdn. Also, why do we need to open inbound port for *.digicert.com?Thanks,Shoaib

1492
M
S
SophiaAXCommunity Manager
posted in Patch Tuesday
October 2023 Patch Tuesday: Automox Analysis and Worklets to Mitigate

🎃 October's Patch Tuesday has uncovered a whopping 112 vulnerabilities, including one Zero-Day vulnerability and 17 categorized as critical. But fear not, because we always have your back.We've got three exclusive Automox Worklets that will help you tackle 22 of these vulnerabilities head-on. Stay safe and unmask those monsters this October!  

350
S
J
jlavetanRookie
asked in Patch Tuesday
Windows Server Patching and Reboot Behavior

Not sure if there’s a problem or something isn’t configured correctly… We have groups of Windows servers (group 1, group 2, etc.) with patch policies (patch 1, patch 2, etc.). I’ve noticed that if there multiple rounds of Windows updates, the policy will only install the first round. I have manually run the policy again to install the remaining patches. For example, policy runs at 8:00 am, installs X number of patches and server reboots. After reboot, the server still has available patches to install and I have to manually run the policy to install the remaining patches. 

3522
J
sparrowhawk
sparrowhawkNovice
asked in Patch Tuesday
Devices that require a reboot

I have my patching policies set to automatically reboot and deferrals are configured so that the user gets two chances to put a restart off. But I’m still seeing machines that require reboots. How can I find out why the automatic reboots aren’t working and how can I fix this?TIAGreg

732
sparrowhawk
Terms & ConditionsCookie settings