He stormed up to my desk, leaned over my partition, and began his rant before I could so much as say hello. He screamed about the rubbish laptops and IT systems we had, nothing ever worked, all the usual stuff. The user's rant ended with a thundered 'Just FIX IT!'
"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
But are things getting worse? According to Register readers, and the company's own release health dashboard, the answer has to be yes. It isn't just you. The frequency of emergency out-of-band releases for the company's operating systems has been rapidly increasing to the point where, for every Patch Tuesday update, there'll likely be at least one out-of-band patch to fix whatever got broken.
This month, over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs, and of those, six were rated exploitation more likely across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon. We know these bugs are typically used by threat actors as part of post-compromise activity, once they get onto systems through other means (social engineering, exploitation of another vulnerability).
Microsoft has released emergency out-of-band security updates to fix an actively exploited zero-day vulnerability in Microsoft Office. The flaw allows threat actors to bypass built-in Office security protections after tricking users into opening malicious files, typically delivered through phishing or social engineering. The vulnerability "... in Microsoft Office allows an unauthorized attacker to bypass a security feature locally," Microsoft said in its advisory.
