August Patch Tuesday: Authentication gap in Home windows Server 2025 now has a repair

The second gap “is more interesting,  It’ll be interesting to see what details are released on this, but it is command injection, which should be taken seriously,” he mentioned.

“With multiple AI-related vulnerabilities — GitHub Copilot and Azure OpenAI — this month is a great reminder that AI technologies are still new and we’re still figuring them out,” he added. “It is important that organizations understand where and how they are utilizing AI. Beyond that, they need to know what services they are using and how those services react to vulnerabilities and security issues. A lot of the time, when looking at AI-based services, we’re interested in data residency, retention, and ownership… do we stop to ask what they are doing to secure their systems and what their security policy is? This is a good reminder that if you aren’t doing that, it is time to start.”

“CSOs should also think about how they are measuring their risk and responding to it,” Reguly mentioned. Some vulnerabilities, based mostly on severity, are designated Critical based mostly on CVSS scores however rated Important by Microsoft, he identified. There are vulnerabilities that aren’t seeing lively exploitation however, in the event that they did, can be severely detrimental to organizations at a big scale. “Are you considering future risk or current risk? Whose severity do you trust?” he requested. “If you don’t have an internal methodology for determining and measuring risk, today is a great day to start developing one.”