Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting.
GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE).
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
Threat update
Fortinet has released security updates for an unauthorized code execution vulnerability impacting their FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, is related to a flaw that allows unauthenticated malicious actors to execute code or commands onto the server via purposely crafted requests. This Cybersecurity Threat Advisory highlights various recommendations to mitigate the potential impact on your devices.
Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.
Microsoft says that all Windows 10 customers (including home users) will be able to pay for three extra years of security updates through the company's Extended Security Updates (ESU) program after the end of support (EOS) date.
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.