NIST updates Security and Privacy Control catalog for improved patch management
Summary
The US National Institute of Standards and Technology (NIST) has revised its Security and Privacy Control catalog to enhance software update and patch release protocols. The update aims to mitigate risks in the software development and deployment process, helping organizations reduce the attack window and improve patch management. The catalog, originally published in 2020, details security and privacy safeguards for mitigating cyber-risks. The latest update focuses on addressing risks related to software updates and patch releases, providing guidance for both public and private sectors. The revision includes three main changes to help organizations understand their role in ensuring the security of the software on their systems.
Timeline
- 02.09.2025 16:01, 1 article
NIST updates Security and Privacy Control catalog to enhance patch management
The US National Institute of Standards and Technology (NIST) has revised its Security and Privacy Control catalog to improve software update and patch release protocols. The update includes three main changes to address risks in the software development and deployment process, helping organizations reduce the attack window and improve overall security. The revision was completed in response to a June executive order and includes discussions on least-privilege access, flaw-remediation testing, customer agreements, notification, and coordinating updates.
Source:
- NIST Enhances Security Controls for Improved Patching, www.darkreading.com, 02.09.2025 16:01
Information Snippets
- The Security and Privacy Control catalog is a set of security and privacy safeguards for mitigating cyber-risks.
- The catalog covers access, authentication, incident response, and supply chain risk management.
- The latest update aims to reduce the attack window by improving patch management and software update releases.
- The update includes three main changes to address risks in the software development and deployment process.
- The revision was completed in response to a June executive order requiring an update to the Security and Privacy Control Catalog by September 2.
- The update was completed under a new commenting system, allowing proposed revisions and feedback in real time.
First reported: 02.09.2025 16:01, 1 source, 1 article
Source:
- NIST Enhances Security Controls for Improved Patching, www.darkreading.com, 02.09.2025 16:01
Similar Happenings
Google Patches Two Zero-Day Vulnerabilities Under Active Exploitation in Android
Google released September 2025 Android security updates addressing 111 vulnerabilities, including two zero-day flaws actively exploited in targeted attacks. The vulnerabilities allow privilege escalation without user interaction. The patches include fixes for remote code execution, information disclosure, and denial-of-service issues across various components. The updates are part of Google's monthly security bulletin, with two patch levels released to provide flexibility for Android partners. The vulnerabilities were discovered by Benoît Sevens of Google's Threat Analysis Group (TAG).
Windows 11 KB5064081 update improves CPU usage metrics in Task Manager
Microsoft released the KB5064081 preview cumulative update for Windows 11 24H2. This update introduces several new features, including an improved method for displaying CPU usage metrics in Task Manager. The update is optional and part of the company's non-security preview update schedule. The update addresses inconsistencies in CPU usage reporting by standardizing the metrics across Task Manager. It also includes various other fixes and improvements, such as new Recall features and enhancements to the Taskbar and File Explorer. Users can install the update via Windows Update or manually download it from the Microsoft Update Catalog. Additionally, Microsoft released the KB5065426 and KB5065431 updates, which introduce new features and improvements to Windows 11, including enhancements to Recall, Click to Do, Task Manager, and Windows Backup for Organizations. PowerShell 2.0 will no longer be included in Windows 11, version 24H2, starting in August 2025.
Microsoft August 2025 Patch Tuesday Addresses 111 Vulnerabilities, Including Multiple Critical EoP Flaws
Microsoft's August 2025 Patch Tuesday addressed 111 vulnerabilities, with 16 rated Critical, 92 Important, 2 Moderate, and 1 Low in severity. The update includes fixes for 44 elevation-of-privilege (EoP) flaws, 35 remote code execution (RCE) vulnerabilities, 18 information disclosure flaws, 8 spoofing vulnerabilities, and 4 denial-of-service defects. Notable patches include fixes for Azure OpenAI, Windows Kerberos, and Microsoft SQL Server. The update also addresses critical RCE vulnerabilities in SharePoint, Windows Graphics Component, and Microsoft's GDI+ graphics interface, highlighting the need for immediate patching and mitigation strategies. The update is significant for its focus on EoP vulnerabilities, which can allow attackers to escalate privileges post-compromise. Key vulnerabilities include CVE-2025-53767 in Azure OpenAI, CVE-2025-53779 in Windows Kerberos, and multiple flaws in Microsoft SQL Server.

Microsoft's September 2025 Patch Tuesday addresses 81 vulnerabilities, including two publicly disclosed zero-day vulnerabilities in Windows SMB Server and Microsoft SQL Server. The update also includes fixes for 38 EoP vulnerabilities, 22 RCE vulnerabilities, 16 information disclosure vulnerabilities, 3 denial of service vulnerabilities, 1 spoofing vulnerability, and 2 security feature bypass vulnerabilities. The KB5065429 cumulative update for Windows 10 22H2 and Windows 10 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update includes Microsoft's September 2025 Patch Tuesday security updates, which fix two publicly disclosed zero-day vulnerabilities and 81 flaws. Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed vulnerability in Windows SMB. The update includes fixes for 38 EoP vulnerabilities, 22 RCE vulnerabilities, 14 information disclosure vulnerabilities, and 3 denial-of-service vulnerabilities. The update also addresses critical flaws in Azure Networking, Microsoft High Performance Compute (HPC) Pack, and Windows NTLM, among others.