Resources
Blog

March 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/11/2025
Today’s VERT Alert addresses Microsoft’s March 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1147 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-26633According to Microsoft, improper neutralization in Microsoft Management Console could allow an unauthorized attacker to bypass a security feature locally. For...
Vulnerability & Risk Management
ICS-Environments-and-Patch-Management-What-to-Do-If-You-Cant-Patch
Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

By Anastasios Arampatzis on Wed, 03/05/2025
The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...
Vulnerability & Risk Management
File Integrity & Change Monitoring
Industrial Control Systems
Magnifying glass showing fingerprint
Blog

Are Your VM Scans Testing the Entirety of the Network?

By Mieng Lim on Thu, 02/27/2025
Many organizations have a vulnerability management (VM) problem without knowing it. Vulnerability management is a crucial component of any organization’s cybersecurity program and is required by most major compliance standards because of its sink-or-swim impact on network security. One of the biggest issues in VM is that organizations aren’t testing the entirety of their networks. Could yours be...
Vulnerability & Risk Management
Tripwire VERT Security Update
Blog

VERT Threat Alert: January 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/14/2025
Today’s VERT Alert addresses Microsoft’s January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-21333The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: December 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/10/2024
Today’s VERT Alert addresses Microsoft’s December 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1136 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-49138The only vulnerability that has been publicly disclosed and exploited this month is CVE-2024-49138, a vulnerability in the Windows Common Log File System...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: November 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/12/2024
Today’s VERT Alert addresses Microsoft’s November 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1132 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43451A vulnerability that allows for NTLMv2 hash disclosure has been both publicly disclosed and actively exploited. According to Microsoft, only minimal...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: October 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 10/08/2024
Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43573A vulnerability in the Windows MSHTML Platform has seen active exploitation attacks against a spoofing vulnerability. Based on the CWE that Microsoft selected...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: September 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/10/2024
Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217Windows uses the Mark of the Web (MoTW) to identify files downloaded from the Internet. This is done by setting the NTFS Zone.Identifier alternate Data...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: August 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/13/2024
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: July 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/09/2024
Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-38112A vulnerability in the Windows MSHTML Platform could allow spoofing to occur. Successful exploitation of this vulnerability requires that the attacker convince...
Vulnerability & Risk Management
VERT Research
Tripwire VERT
Blog

VERT Threat Alert: June 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 06/11/2024
Today’s VERT Alert addresses Microsoft’s June 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2023-50868 The only disclosed vulnerability we have this month, is CVE-2023-50868, a DNSSEC protocol level vulnerability that can lead to denial of service. The...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog

VERT Threat Alert: May 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/14/2024
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-30040 Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object...
Vulnerability & Risk Management
VERT Research
Datasheet

What Makes Fortra’s Tripwire Different

Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Vulnerability & Risk Management
Cybersecurity
Compliance
File Integrity & Change Monitoring
Incident Detection & Investigation
Industrial Control Systems
IT Security Operations & Asset Discovery
Managed Security Services
Security Configuration Management
On-Demand Webinar

Demystifying Vulnerability Management: Cutting Through the Noise

Wed, 10/18/2023
Vulnerability management (VM) is an essential cybersecurity control to discover, profile, and assess vulnerability risk so security teams can act quickly to close attack vectors. Over the years the lines have blurred a little regarding which cybersecurity practices fall under the VM classification. Watch this on-demand webinar to learn the basics of VM and how...
Vulnerability & Risk Management
Datasheet

Tripwire Vulnerability Risk Metrics

A vulnerability management program should provide a series of metrics that outline the vulnerability risk to the organization and how the risk posture is trending. In addition to this, reports should be provided which show system owners which vulnerabilities pose the greatest risk to the organization and how to remediate them. This report outlines recommendations for vulnerability management...
Vulnerability & Risk Management
Datasheet

Tripwire Vulnerability Scoring System

Vulnerability and Risk Analysis Measuring and managing the security risk associated with information and information technology remains one of the most challenging and debated problems faced by all levels of an organization. While scoring standards designed to assist with solving this problem have been developed over the past decade, a select few have accomplished this and those that have are...
Vulnerability & Risk Management
Datasheet

Tripwire IP360 Agent-Based Vulnerability Management

When should your security strategy include agent-based monitoring? It can be difficult to discern when and how to incorporate agents into your vulnerability management processes. There are several instances in which agent-based monitoring offers superior support and protection across your networks. But that doesn’t mean you need to opt for a 100 percent agent-based approach, either. There are...
Vulnerability & Risk Management
Datasheet

Advanced Vulnerability Risk Scoring and Prioritization

Over the past several years, the number of known vulnerabilities has grown drastically, and has continued to challenge security and operations teams to keep pace with the continuing flow of new security advisories. One of the biggest problems is accurately determining which vulnerabilities present the greatest risk to prioritize remediation efforts. Most vulnerability management tools use crude...
Vulnerability & Risk Management