Computer Safety & News

Microsoft has released important “Patch Tuesday” monthly security updates. These should applied promptly as some of these vulnerabilities have potential to be actively exploited in-the-wild later: https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/ https://blog.talosintelligence.com/2020/12/microsoft-patch-tuesday-dec-2020-.html https://www.thezdi.com/blog/2020/12/8/the-december-2020-security-update-review https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/microsoft-releases-december-2020-security-updates https://patchtuesdaydashboard.com/ https://portal.msrc.microsoft.com/en-us/security-guidance/summary For December, Microsoft released patches to correct 58 CVEs and one new advisory in Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office […]

Many vendors are responding to design vulnerabilities in TCP/IP protocol stack that could allow unauthorized access among many software & OEM vendors.  All products should be promptly patched as security updates become available. https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/certcc-releases-information-vulnerabilities-affecting-open-source CISA & US/CERT have released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) […]