Tag

#incomplete-patch

2 posts tagged #incomplete-patch.

Analysis · May 11, 2026 · The Commentary Desk

The CVSS 4.3 that APT28 was already using

Microsoft shipped the fix for CVE-2026-32202 without an exploitation flag while Russian state actors had a five-month head start. Vendor-tag triage missed it. The federal deadline is tomorrow.
Analysis · May 5, 2026 · The Field Notes Desk

The patch that wasn't: why SharePoint's fix needed a fix

CVE-2025-53770 bypassed Microsoft's July patch for SharePoint within days. The problem isn't bugs. It's that incomplete fixes are a pattern, and patch compliance frameworks can't measure patch quality.