The Zerologon vulnerability Microsoft patched in Windows Server last month is actively being exploited in several attacks, Microsoft warned.
Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.
DNS issues are bad news, and SigRed is among the worst: Microsoft fixes a flaw in Windows DNS Server which has a severity rating of 10 and is believed to be wormable.
A critical vulnerability in F5 Networks’ BIG-IP networking gear is under active attack, just days after the company first announced the flaw.
Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.