Just a few weeks ago, we asked how many more Patch Tuesdays we had left before pieces of the cookie began to crumble a bit. Microsoft answered the question by issuing an out-of-band update after one of its recent patches failed and left users unable to authenticate.

For this specific situation, you must manually download the out-of-band update. You can find the update for your Windows version at the Microsoft Update Catalog.

We often talk to businesses who don’t prioritize good cyber hygiene, and generally have little understanding of how the Internet actually works. To say that it’s time to take Cybersecurity seriously is an understatement, and as that line was just typed there were thousands of attempts on American Critical Infrastructure.

All of us who participate in the network that is the Internet have a joint interest in keeping it secure. Additionally, those of us who live in the USA have a vested interest in protecting the nation’s Critical Infrastructure.

It seems a bit backwards to wait for another disaster such as the Colonial Pipeline attack. It also seems logical to reason that there likely are vulnerabilities already hiding in many organizations’ infrastructure. Hackers need dwell time, and each day we do nothing is giving them just that.

It’s not hard to find a new entry point. The Internet is called Cyber Space for a reason: it’s full of potential pathways. Bug hunters find new zero-day threats all the time, and the ones that were found last month didn’t just go away.

Just because you walked into the office today and didn’t see a ransomware screen demanding payment to decrypt your systems doesn’t mean your network is free of already-established risk. It just means that whatever risks may be lurking have yet to be exploited, and that is the perfect time to tighten your defenses before a clean-up crew is the only option.

Hear Colonial Pipeline’s CEO Testify About Insufficient Cybersecurity Protections

Here’s a list of the major updates and patches from just this week:

  • Apple iOS & iPadOS 15.5 updates fix 34 vulnerabilities, including Kernel flaws
  • macOS
  • tvOS
  • Apple Watch
  • Apple AVD flaw allows an app to execute code with Kernel privileges
  • Microsoft Windows patch (which failed) fixed 75 vulnerabilities
  • Firefox 100.0.2
  • Firefox ESR 91.9.1
  • Thunderbird 91.9.1
  • Android patches fix 36 vulnerabilities including privilege escalation bug in Linux Kernel
  • Qualcomm components of Android
  • Android System
  • MediaTek components of Android
  • Google Pixel
  • Samsung
  • Chrome 102 fixes 32 issues including DevTools, UI foundations, and user education function
  • Cisco Enterprise NFV Infrastructure
  • Nvidia GPU display driver includes 10 vulnerabilities including Kernel on Windows & Linux
  • Zoom update fixes a vulnerability that allows attackers to connect users to a malicious server
  • VMware patches fix privilege escalation and authentication bypass

VMware says the patches must be applied immediately as “the ramifications are serious.” Particularly alarming to us is how many times the word “Kernel” is used in the list of known vulnerabilities. In a nutshell, it pretty much doesn’t get any worse than a Kernel-level exploit. If the device is a body, the Kernel is the heart.

AT&T recently launched a drone called COW (Cell On Wings) that blankets an area in 5G signal, and is experimenting with keeping it in the air for months without landing by harnessing solar power. These days there’s no shortage of important people and various countries launching Global Satellite Internet systems. This helps to paint the picture of the emerging connectivity of the Internet-of-Things, and a simple reverse engineering of that concept reminds us that malware also benefits from the increasing connectivity. We’ve really all got to secure our own Cyber Space so that the coming connectivity is a positive experience for all of us. Building a castle on a shaky foundation is only good for the shaky foundation, which eventually consumes the castle when it collapses.

Please take patches and updates seriously, and consider a risk assessment to see what the current situation of your network is. It’s not true that what you don’t know can’t hurt you; it just adds insult to injury by surprising you. Be the first to know the state of your network, and just remember: as G.I. Joe correctly stated, knowing is half the battle.

The other half is taking actionable intelligence and using your tools strategically. This is a good time to remind our readers that Extended Detection & Response (XDR) is the smart AI-Driven pathway forward, as all of this is a whole lot for the human mind to stay ahead of. As always, we are here to help. Feel free to reply with questions, or to talk about fortifying your online presence with XDR-centric Cybersecurity.

The post Updates, Failed Patches, & More Updates appeared first on Cybersecurity | Penetration Testing | CMMC | NIST.

Craig Petronella

Craig Petronella is the founder of Petronella Technology Group, Inc. (PTG), an internationally trusted IT cybersecurity and compliance consulting group with over 30 years’ experience helping federal contractors and businesses with cybersecurity and compliance regulations, and whose patented 22-layer systems cover your People, Processes and Technology.

Craig is an Amazon #1 Best-Selling Author of many books, including “The Ultimate Guide To CMMC”, founder of the podcast Cybersecurity and Compliance with Craig Petronella – CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001 https://petronellatech.buzzsprout.com/ and is an MIT Certified Professional in AI, Blockchain, Cybersecurity and Compliance.

Almost all of Craig’s clients are earned by referral with little or no advertising, and he is well-known and highly-regarded in professional circles throughout the US, after serving as compliance consultant and conducting onsite risk assessments for over 500 medical practices, hospitals, and business associates across the country.
