#Tag · bonfire.cafe

Zack Whittaker and 1 other boosted

BrianKrebs

Hey Windows (ab)users: It's Patch Tuesday again! Patch 'em if you got 'em.

https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-edition/

#patchtuesday

Microsoft Patch Tuesday, December 2025 Edition

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed…

a screenshot of the Windows Update page, which says "You're up to date"

BrianKrebs

@briankrebs@infosec.exchange · 3 weeks ago

Hey Windows (ab)users: It's Patch Tuesday again! Patch 'em if you got 'em.

https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-edition/

#patchtuesday

Microsoft Patch Tuesday, December 2025 Edition

Joel Michael boosted

Sticker the Planet

@Stickerum@infosec.exchange · 4 weeks ago

After #CyberMonday comes #PatchTuesday, naturally.

—> https://stickerthepla.net/#018 <—

Dark times call for glow-in-the-dark #SafetyThird patches with velcro backing. Incredible deals when you bundle up several: THREE for $29, or TEN for $69 USD.

Order today for bonus gifts for your sleigh. MOAR stocking-stuffers: https://stickerthepla.net
#PatchAllTheThings
#EPluribusStickerum

glowy safety third patch is velcro backed too

Sticker the Planet

@Stickerum@infosec.exchange · 4 weeks ago

After #CyberMonday comes #PatchTuesday, naturally.

—> https://stickerthepla.net/#018 <—

Dark times call for glow-in-the-dark #SafetyThird patches with velcro backing. Incredible deals when you bundle up several: THREE for $29, or TEN for $69 USD.

Order today for bonus gifts for your sleigh. MOAR stocking-stuffers: https://stickerthepla.net
#PatchAllTheThings
#EPluribusStickerum

Matt "msw" Wilson

@msw@mstdn.social · 4 months ago

I definitely recommend folks read the paper linked in the first post. Here's a TL;DR summary in the form of Figure 1: " "A hypothetical graph of risks of loss from penetration and from application of a bad patch. The optimal time to apply a patch is where the risk lines cross."

#CVE #OSS #FOSS #FLOSS #OpenSource #FreeSoftware #InfoSec

@smb @adamshostack

A graph showing Time along the X axis and Risk of Loss along the Y axis. Two curves are on the graph, one is the "bad patch risk" which decreases over time, and the other is "penetration risk" which increases over time. Where the two lines cross, a circle is drawn representing "Optimal Time to Patch".

Caption: "Figure 1: A hypothetical graph of risks of loss from penetration and from application of a bad patch. The optimal time to apply a patch is where the risk lines cross." — A graph showing Time along the X axis and Risk of Loss along the Y axis. Two curves are on the graph, one is the "bad patch risk" which decreases over time, and the other is "penetration risk" which increases over time. Where the two lines cross, a circle is drawn representing "Optimal Time to Patch". Caption: "Figure 1: A hypothetical graph of risks of loss from penetration and from application of a bad patch. The optimal time to apply a patch is where the risk lines cross."

Matt "msw" Wilson

@msw@mstdn.social replied · 4 months ago

@smb @adamshostack

Folks who like that paper may light this one as well.

It studies Microsoft "Patch Tuesday" updates in particular, which are much different (in my opinion) than your typical open source software updates that are labeled with a CVE.

#CVE #PatchTuesday #InfoSec

https://arxiv.org/abs/2307.03609