Action1

1.2K posts

@Action1corp

#PatchManagement That Just Works Real-time discovery and remediation of third-party and OS vulnerabilities

Houston, TX · Joined December 2017
106 Following · 591 Followers

Action1 @Action1corp
Patch Tuesday: April 2026 Highlights You Shouldn’t Miss
▪️ Microsoft has addressed 164 vulnerabilities, two zero-days and eight critical
▪️ Third-party: web browsers, Cisco, Ivanti, Fortinet, F5 BIG-IP, Nginx UI, Oracle, HPE, MongoDB Server, etc.
Stay protected with these resources:
• Read the full Vulnerability Digest > on.action1.com/4ci3sSb
• Watch the expert-led webinar replay > on.action1.com/4mxlKCc
• Keep up with the latest CVEs on our Patch Tuesday Watch > on.action1.com/4ci3sSb

Action1 @Action1corp
Today's Patch Tuesday overview:
▪️ Microsoft has addressed 164 vulnerabilities, two zero-days and eight critical
▪️ Third-party: web browsers, Cisco, Ivanti, Fortinet, F5 BIG-IP, Nginx UI, Oracle, HPE, MongoDB Server, etc.
Navigate to Vulnerability Digest from Action1 for a comprehensive summary updated in real time. >> action1.com/patch-tuesday/…
Quick summary (top 10 by importance and impact):
▪️ Windows: 164 vulnerabilities, two zero-days (CVE-2026-33825 and CVE-2026-32201) and eight critical
▪️ Cisco Secure Firewall: Critical remote code execution vulnerabilities (CVE-2026-20079, CVE-2026-20131, CVSS 10.0)
▪️ Ivanti Endpoint Manager: Unauthenticated access; actively exploited in the wild (CVE-2026-1603, CVSS 8.6)
▪️ Chromium / Chrome: Multiple actively exploited zero-days (CVE-2026-3909, CVE-2026-3910, CVE-2026-5281, CVSS 8.8)
▪️ Fortinet Network Security Appliance: Remote code execution with confirmed real-world exploitation (CVE-2026-35616, CVSS 9.1)
▪️ F5 BIG-IP: Unauthenticated remote code execution; actively exploited (CVE-2025-53521, CVSS 9.8)
▪️ Nginx UI: Unauthenticated access to backup data (CVE-2026-27944, CVSS 9.8)
▪️ Oracle WebLogic: Critical unauthenticated remote code execution (CVE-2026-21992, CVSS 9.8)
▪️ HPE Aruba AOS-CX: Authentication bypass (CVE-2026-23813, CVSS 9.8)
▪️ MongoDB Server: Unauthenticated denial-of-service (CVE-2026-25611, CVSS 7.5)
▪️ Microsoft 365 Copilot: Information disclosure vulnerability (CVE-2026-26133, CVSS 7.1)
More details: action1.com/patch-tuesday/…
Sources:
- Action1 Vulnerability Digest >> action1.com/patch-tuesday/…
- Microsoft Security Update Guide >> msrc.microsoft.com/update-guide/r…

Action1 @Action1corp
What does patching actually look like inside a patch management company?
At Action1, we don’t just build the product - we rely on it every day to manage our own environment. Same pressures, same risks, same expectations.
This session is a candid look at how we approach patching internally, what decisions we make in real time, and what we’ve learned from doing it ourselves.
Register now>
🎙️ Featuring Gene Moody, Field CTO and Colin Christman, Head of IT
📅 Tuesday, April 7 | 12 p.m. EDT

Action1 @Action1corp
How does Action1 fit into your broader IT and security stack?
Join our upcoming webinar to get a clear, consolidated view of how Action1 integrates with ITSM, security, automation, and identity platforms, helping teams streamline workflows and accelerate remediation.
📅 Wednesday, March 25
⏰ 11 a.m. EDT / 4 p.m. CET
Hear from Sean Carroll and William Busler as they walk through real use cases, integrations, and a live demo.
Register here> on.action1.com/3PBhnJW

Action1 @Action1corp
You handle the endpoints - we’ll handle the commute.
Are you an IT Admin at RSAC 2026? Get an Uber ride on us.
Stop by Action1 Booth #0454, watch a quick 5-minute demo, and get a $20 Uber gift card! Because with Action1, you can patch & go - straight to your next stop.
✔️ RSAC 2026 | March 23–26
✔️ San Francisco, Moscone Center
✔️ Booth #0454
Learn more: on.action1.com/4sRLtHp

Action1 @Action1corp
Headed to #RSAC 2026? So are we.
The Action1 team will be at Booth #0454, ready to show you that patching doesn’t have to be complicated or stressful. Join us for a 5-minute live demo and discover how you can:
▪️ Eliminate vulnerabilities faster
▪️ Automate patching across distributed endpoints
▪️ Reduce risk without complex infrastructure
Plus, we’ll have interactive activities at the booth - come by, say hi, and see Action1 in action.
▪️ RSAC 2026 | March 23–26
▪️ San Francisco, Moscone Center
▪️ Booth #0454
Check out the link to learn more about our booth activities and grab a pass code for complimentary access to the expo: on.action1.com/4uwS5Nd

Action1 @Action1corp
Join our live demo and see patch management that just works.
Discover how Action1 helps IT and security teams automate OS and third-party patching, detect vulnerabilities in real time, and maintain continuous patch compliance, all from a single cloud-native platform.
Register here> on.action1.com/4doqebN

Action1 @Action1corp
Today's Patch Tuesday overview:
▪️ Microsoft has addressed 78 vulnerabilities, no zero-days and three critical
▪️ Third-party: web browsers, Cisco, Apple, Rapid7, Red Hat, Fortinet, Dell, SolarWinds, etc.
Navigate to Vulnerability Digest from Action1 for a comprehensive summary updated in real time. on.action1.com/40kMH1V
Quick summary (top 10 by importance and impact):
▪️ Cisco Secure Firewall: Critical vulnerabilities CVE-2026-20079 and CVE-2026-20131 (CVSS 10.0) affecting Secure Firewall Management Center, along with several additional related CVEs
▪️ Microsoft Configuration Manager: CVE-2024-43468 (CVSS 8.8) remote code execution vulnerability impacting enterprise configuration management deployments
▪️ Mozilla Firefox: Multiple critical vulnerabilities in Firefox 148 including CVE-2026-2760, CVE-2026-2761, CVE-2026-2768, CVE-2026-2776, and CVE-2026-2778 (all CVSS 10.0), with many additional issues addressed in the update
▪️ Windows Admin Center: CVE-2026-26119 (CVSS 8.8) privilege escalation vulnerability allowing authenticated attackers to gain administrative access
▪️ Apple: CVE-2026-20700 memory corruption vulnerability (CVSS 7.8) affecting the dyld component across Apple platforms
▪️ Rapid7 Insight Platform: Authentication bypass vulnerability CVE-2026-1568 (CVSS 9.6) allowing unauthorized access to protected platform functionality
▪️ Red Hat Enterprise Linux: Multiple vulnerabilities including CVE-2026-1709, CVE-2026-1761, CVE-2026-1757, CVE-2026-1760, and CVE-2026-1801 (up to CVSS 8.8) impacting core system components
▪️ Fortinet: CVE-2026-21643 (CVSS 9.1) SQL injection vulnerability affecting Fortinet endpoint management infrastructure
▪️ Dell RecoverPoint: Critical vulnerability CVE-2026-22769 (CVSS 10.0) affecting enterprise data replication and disaster recovery systems
▪️ SolarWinds Serv-U: Multiple critical vulnerabilities CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, and CVE-2025-40541 (all CVSS 9.1) enabling remote code execution in Serv-U file transfer servers
More details: on.action1.com/40jL4S5
Sources:
- Action1 Vulnerability Digest on.action1.com/40jL4S5
- Microsoft Security Update Guide msrc.microsoft.com/update-guide/r…

Action1 @Action1corp
Patching isn’t hard. Keeping it consistent, compliant, and low-overhead is.
In this live session, Action1 customers share how they approach patching across distributed environments, handle third-party updates, and improve compliance without overwhelming their teams.
Register here> on.action1.com/4ldqe0b
📅 Tuesday, March 3 @ 12 p.m. EST
You’ll hear practical insights on:
▪️ Reducing patching time without sacrificing coverage
▪️ Handling third-party and OS updates more efficiently
▪️ Improving endpoint visibility and patch compliance
▪️ Lessons learned from real-world deployment challenges

Action1 @Action1corp
“Security feature bypass vulnerabilities significantly increase the success rate of phishing and malware campaigns,” said Jack Bicer, Director of Vulnerability Research at Action1, in prepared commentary. “In enterprise environments, this flaw can lead to unauthorized code execution, malware deployment, credential theft, and system compromise.”
Microsoft has fixed six actively exploited zero-day vulnerabilities in its latest update, highlighting once again how attackers work to evade built-in protections.
Read the full Dark Reading article here: darkreading.com/vulnerabilitie…

Action1 @Action1corp
Microsoft has patched 59 vulnerabilities in its latest Patch Tuesday release, including six actively exploited flaws. As Jack Bicer, Director of Vulnerability Research at Action1, notes, security feature bypass vulnerabilities remain especially dangerous because they undermine built-in protections and can accelerate system compromise. Read more in The Hacker News: thehackernews.com/2026/02/over-6…

Action1 @Action1corp
🎉 We’re happy to announce that Red Hat Linux is now supported, expanding our OS coverage beyond Debian and Ubuntu.
You can patch OS and third-party updates, run Bash scripts, and use Script Library scripts to deploy or remove packages on Red Hat systems.
To learn more about this update, visit our Service Releases page. on.action1.com/4tJxAfW

Action1 @Action1corp
Patch Tuesday: February 2026 Highlights You Shouldn’t Miss
✔️ Microsoft has addressed 55 vulnerabilities, six zero-day and two critical
✔️ Third-party: web browsers, Cisco, Fortinet, ServiceNow, Palo Alto, SAP, WordPress, Adobe, Oracle, etc.
Stay protected with these resources:
• Read the full Vulnerability Digest > on.action1.com/4kwY3sG
• Watch the expert-led webinar replay > on.action1.com/4bToTZW
• Keep up with the latest CVEs on our Patch Tuesday Watch > on.action1.com/4kwY3sG

Action1 @Action1corp
Today's Patch Tuesday overview:
✅ Microsoft has addressed 55 vulnerabilities, six zero-day and two critical
✅ Third-party: web browsers, Cisco, Fortinet, ServiceNow, Palo Alto, SAP, WordPress, Adobe, Oracle, etc.
Navigate to Vulnerability Digest from Action1 for a comprehensive summary updated in real time. bit.ly/4rjTRPF
Quick summary (top 10 by importance and impact):
▪️ Windows: 55 vulnerabilities, six zero-days (CVE-2026-21533, CVE-2026-21525, CVE-2026-21519, CVE-2026-21514, CVE-2026-21513, CVE-2026-21510) and two critical
▪️ Microsoft Office: Actively exploited zero-day security feature bypass via crafted files (CVE-2026-21509, CVSS 7.8)
▪️ Cisco Secure Email Appliances (AsyncOS): Internet-exposed zero-day (CVE-2025-20393, CVSS 10.0)
▪️ Fortinet FortiOS / FortiManager / FortiAnalyzer: FortiCloud SSO authentication bypass chain enables full admin takeover and cross-tenant access; exploited (CVE-2025-59718 – CVSS 9.1, CVE-2025-59719 – CVSS 9.1, CVE-2026-24858 – CVSS 9.4)
▪️ ASP.NET Core (Kestrel): Critical HTTP request smuggling can bypass security controls and reach restricted endpoints (CVE-2025-55315, CVSS 9.9)
▪️ ServiceNow AI Platform: Unauthenticated user impersonation bypasses MFA/SSO and allows actions as any user (CVE-2025-12420, CVSS 9.3)
▪️ Chromium / Chrome: Multiple high-severity V8 and Blink memory-safety flaws plus race condition in core engine (CVE-2026-0899–0908, CVSS up to 8.8; CVE-2026-1220, CVSS 8.8)
▪️ Microsoft Edge: High-severity browser vulnerabilities including heap corruption via crafted web content (CVE-2026-1861, CVSS 7.5; CVE-2026-21223, High severity – CVSS pending)
▪️ Palo Alto PAN-OS GlobalProtect: Unauthenticated DoS can force firewalls into maintenance mode, disabling inspection (CVE-2026-0227, CVSS 7.7)
▪️ Fortinet FortiSIEM: Unauthenticated command injection → root-level remote code execution (CVE-2025-64155, CVSS 9.4)
▪️ SAP Core Components: Critical SQL injection, code injection, and RCE across S/4HANA and related systems (CVE-2026-0501 – CVSS 9.9, CVE-2026-0500 – CVSS 9.6, CVE-2026-0498 – CVSS 9.1, CVE-2026-0491 – CVSS 9.1)
More details: on.action1.com/3MwDQqq
Sources:
- Action1 Vulnerability Digest on.action1.com/3MwDQqq
- Microsoft Security Update Guide msrc.microsoft.com/update-guide/r…