Items tagged with Patch Tuesday

Brace yourself, Patch Tuesday is coming. This time around, Microsoft released a total of eight security bulletins, three of which are rated Critical and the other five listed as Important. All combined, these eight security updates will patch up 24 Common Vulnerabilities and Exposures (CVEs) in Windows, Office, .NET Framework, .ASP, .NET, and Internet Explorer. Among the fixes is a patch for a vulnerability being exploited by the Sandworm Team, the name given to a group of Russian hackers who have been taking advantage of a particular zero-day security hole that's been shipping in all versions... Read more...
IT admins take notice, you will no longer receive email notifications from Microsoft announcing Patch Tuesday security bulletins. This includes security bulletin advance notifications and summaries, as well as new security advisories and bulletins and major or minor revisions to security advisories and bulletins, Microsoft announced. This change pertains to anyone who opted into a mailing list that Microsoft set up a long while back to alert them to Patch Tuesday updates. "In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website,"... Read more...
One could make an argument that Microsoft is the king of mixed messages. Just look at how the Redmond software giant has handled Windows XP over the years -- it was given several reprieves before finally being shunned for support, though it still received an out-of-cycle patch for Internet Explorer to address a serious zero-day bug. However, that was a one-time thing, and in a blog post regarding yesterday's Patch Tuesday roll out, Microsoft made it clear that XP is no longer supported. "For those wondering, Windows XP will not be receiving any security updates today. For some time we have been... Read more...
We're coming up on the second Tuesday of the month, which is when Microsoft rolls out a collection of security updates for Windows and Internet Explorer. Otherwise known as "Patch Tuesday," the one that's coming up tomorrow will be relatively light compared to previous ones as it contains only five security bulletins, however two of them are deemed Critical and three Important, and several of them require a restart. The first Bulletin addresses a zero-day vulnerability affecting IE versions 9 and 10, along with other security fixes for IE versions 6 through 11. This one is deemed Critical because... Read more...
The long awaited "Update 1" to Windows 8.1 is reportedly scheduled to arrive on the MSDN channel on April 2, 2014, and via Windows Update on April 8, which is Patch Tuesday. Perhaps not coincidentally, Windows 8.1 Update 1 rolls into town just as support for Windows XP is coming to an official close after more than 12 years.of service. Those dates come from Paul Thurrott, owner of Supersite for Windows, who posted the information on Twitter. While that doesn't qualify as being official -- it's not coming directly from Microsoft, in other words -- Thurrott is generally on top of such things. Based... Read more...
Patch Tuesday is right around the corner (tomorrow, in fact), and in advance of its monthly update package, Microsoft is giving a heads up that this month's will contain three "Critical" patches and five labeled as "Important." A Critical rating is the most severe and indicates a vulnerability whose exploitation could allow code execution without user interaction. One of the Critical security bulletins covers all versions of Internet Explorer on every flavor of Windows. In other words, if you run Windows, you'll need to update (or should, anyway), and yes, this particular one will require a system... Read more...
Heads-up, if you're running older versions of the Windows operating system, Microsoft Office or Microsoft Lync communication platform software. Microsoft released a security advisory noting that the TIFF (Tagged Image File Format) image handler in some of these older Microsoft software suites is subject to a vulnerability whereby "specially crafted TIFF images" could convince the user to open email messages, files or web content that could be used to exploit the host machine. Microsoft details the remote code execution vulnerability in security advisory 2896666 (evil, eh?) noting: "An attacker... Read more...
Microsoft may need to take yet another mulligan on more Patch Tuesday updates that, for some, are causing more problems than they purport to fix. The latest round of updates were supposed to address 14 security flaws, though some users are complaining that certain patches are causing weird and frustrating problems. According to InfoWorld, at least five updates are causing issues. These include KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583. The first of those is not a security patch, but one that's intended to bring more functionality to Office 2013. However, some users are complaining... Read more...
Patch Tuesday is right around the corner – July 9th, in fact – and this month’s patch is bringing several updates that warrant the “Critical” rating, which is Microsoft’s highest rating for update importance. Microsoft is giving IT administrators a heads up with a Security Bulletin Advance Notification that spells out the types of fixes and the software they affect. Microsoft's Upcoming Patch Tuesday Fixes. Image Credit: Microsoft The Critical vulnerability fixes are meant to prevent “remote code execution.” Malicious users can conceivably use these... Read more...
This month's Patch Tuesday will plug up less than a dozen vulnerabilities -- 11, to be exact -- in various flavors of Windows, Microsoft Office, Internet Explorer, and other software, Microsoft announced in a Security Bulletin Advance Notification for April 2012. Microsoft issued half a dozen bulletins in all, the same number as last month, though all but two are rated "Critical" this time around. All four Critical bulletins deal with remote code execution, one of which affects every version of Internet Explorer (6-9) on various platforms, including Windows XP, 2003, 7, and 2008, regardless of... Read more...
Microsoft is planning to keep things relatively low-key on March 13th, otherwise known as Patch Tuesday, which will contain only six security bulletins. Only one of those is deemed Critical; the other five consist of four that are labeled Important and one that is rated Moderate. The critical fix applies to all versions of Windows since XP and plugs up a security hole that could allow an attacker to gain control of an infected system remotely. "Organizations will have to reboot after applying the critical patch, which indicates that it is fix for a kernel level bug," said Marcus Carey, a security... Read more...
The second Patch Tuesday of 2012 falls on February 14, otherwise known as Valentine's Day, and instead of a box of chocolates or flowers, Microsoft is giving its users the gift of security via nine security bulletins. Four of the updates are rated Critical and other five are labeled Important by the Redmond software giant. All but one of the Critical bulletins apply to Windows, while the fourth relates to Microsoft's .NET framework and Silverlight platforms. Four of the Important bulletins also apply to Windows, and one plugs up a security hole in Office and Server software. Seven of the nine updates... Read more...
It's a new year and already the first Patch Tuesday of Microsoft's monthly Windows update schedule has come and gone. If you ignored the update notification sitting your system tray, take a moment to let Windows Update do its thing, and as a reward for kicking procrastination to the curb, Microsoft will get rid of a BEAST that resides on your system. We're not being dramatic, that's in reference to a so-called BEAST SSL security flaw that's among the many patches contained in the seven bulletins for the first Patch Tuesday of 2012. All but one are labeled "Important," and the remaining bulletin... Read more...
Microsoft came ever-so-close to ending the year without a single unscheduled patch outside of its monthly Patch Tuesday routine, but in the end, three "Critical" vulnerabilities found in its .NET Framework prompted the Redmond software giant to take action immediately. Left unpatched, the flaws could allow for the elevation of privileges if an unauthenticated attacker sends a specially crafted Web request to the target site, Microsoft said. "An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing... Read more...
1 2 Next