Items tagged with Patch Tuesday
In case you were thinking about holding off applying yesterday's Patch Tuesday update, which requires a system reboot, you should probably go ahead and hit the restart button. This month's cumulative update patches a whopping 113 vulnerabilities, at least three of which are zero-day flaws currently being exploited in the wild. This is one of the more important Patch Tuesday updates in quite some time, and unlike last month's it comes without revealing any nasty wormable exploits. Out of the 113 bugs it squashes, 19 of them are labeled as critical, the most severe rating Microsoft assigns, and the other 94 are all labeled as important. The collection of updates also address numerous products,...
Read more...
Companies around the globe are finding themselves altering their way of business due to COVID-19/coronavirus. That burden even falls on massive multinational companies like Microsoft, which has been making adjustments to its cloud business to handle increased demand. Today, Microsoft has announced changes to Window 10 that will affect the way that cumulative updates are delivered to customers. Starting in May, Microsoft says that it will pause optional updates for Windows 10. Microsoft refers to these optional updates internally as C and D updates (C and D reference the third and fourth week of the month, whereas A and B are obviously the first and second week). This delivery...
Read more...
This month's Patch Tuesday collection of security updates came with an added surprise—a disclosure of a "wormable" vulnerability affecting the Server Message Block 3.1.1 (SMBv3) network communication protocol. What made this unusual is that the fix was not included in the Patch Tuesday package, so the vulnerability should not have been disclosed. That's a big 'oops' moment by Microsoft. Though it was not initially published to the public, several security partners that are part of the Microsoft Active Protections Program were alerted to the bug and posted details on the security flaw, labeled as CVE-2020-0796. One of them has since removed its posting after finding out it was not fixed....
Read more...
Microsoft’s track record when it comes to major (and cumulative) Windows 10 updates hasn’t exactly been stellar in recent years. We’ve recounted numerous times how users have encountered issues with cumulative updates, including recently with KB4532693. This Patch Tuesday update was meant to fix a number of minor bugs including issues with cloud printers, but it also introduced a few of its own. Many users were affected by a bug that would cause their user profile to simply disappear. Other issues included resetting the Start Menu to its default state, wiping out custom icons in the process. For its part, Microsoft is now owning up to the update goof (at least unofficially)...
Read more...
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a secure boot vulnerability. “CVE-2020-0689” or the “Microsoft Secure Boot Security Feature Bypass Vulnerability” allows attackers to bypass secure boots. A secure boot is intended to guarantee that a device is only making use of software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully,...
Read more...
Multiple report have surfaced complaining about one of the patches included this month's Patch Tuesday cumulative update package that Microsoft began pushing out to Windows users on February 11. The problematic update, KB4532693, is for Windows 10 and is intended to fix a few different issues, including one that occurs when migrating cloud printers during an upgrade. However, it is apparently introducing some bugs of its own. Some users who installed the update say the user profile goes missing. There have also been complaints of custom icons and settings getting wiped with the desktop and Start Menu being reset to default, and desktop files going missing. It's not yet clear how widespread the...
Read more...
If you are in the habit of putting off those monthly security patches Microsoft doles out on the second Tuesday of every month (known as Patch Tuesday), you may want to reconsider your approach today. A security researcher says one of the patches in today's cumulative roundup will address a serious vulnerability in a core cryptographic component affecting most versions of Windows. "According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles 'certificate and cryptographic messaging functions in the CryptoAPI'. The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications...
Read more...
Patch Tuesday was less than a week ago, but Microsoft is already pushing a wide range of Cumulative Updates for older version of Windows 10. The updates were first pushed out on August 17th, and covers Windows 10 Versions 1809 (October 2018 Update), 1709 (Fall Creators Update), 1703 (Creators Update), 1607 (Anniversary Update) and 1507 (Original Release). The key thing to remember with these updates, which were first noticed by Neowin, is that they are not automatically applied when you go to Windows Update and check for updates. Instead, they are completely optional and can be installed at your discretion. It's also notable that there are no security-related items in these updates, which...
Read more...
Due to the inclusion of some important security patches, it is in your best interest to apply Microsoft's latest Patch Tuesday update as soon as possible. At the same time, some users have reported issues getting it to install, while others are blaming the update for borking their PC, saying it is causing random restarts. Oh boy! This is why automatic updates are both a blessing and a curse. Some people prefer to wait a bit before patching Windows with the latest security updates, for this very reason—this is certainly not the first time a Patch Tuesday roll out has seemingly caused problems. What makes this tricky, however, is Microsoft's recent disclosure of four new wormable exploits...
Read more...
Although the Windows 7 operating system was first released way back in 2009, it is still being updated on a regular basis by Microsoft -- that is until extended support ends on January 14th, 2020) Like clockwork, Windows 7 received the usual bevy of bug fixes and security updates during Patch Tuesday. However, Microsoft is drawing suspicion over some added content with KB4507456, which is labeled as a "Security-only update". This month's update is being bundled with a Compatibility Appraiser (KB2952664), which is a diagnostics tool for systems running legacy Windows operating systems. Microsoft describes the Compatibility Appraiser, writing, "The diagnostics evaluate the compatibility status...
Read more...
The April Patch Tuesday update, which landed on April 9 for Windows systems, is still wreaking havoc on numerous systems. As we've previously reported, the KB4493472 has been especially problematic for antivirus programs -- Sophos Endpoint Protection was among the first to encounter problems, while Avira and Avast were other victims. We're now learning that McAfee software has also been affected by the Patch Tuesday updates. In this case, two software programs have been identified by Microsoft and McAfee as currently being incompatible: McAfee Endpoint Security (ENS) Threat Prevention 10.x and McAfee Host Intrusion Prevention (Host IPS) 8.0. According to Microsoft's updated release...
Read more...
Few things are more annoying than when a Windows update wreaks havoc on your system. It's a case of the cure being worse than the disease, as Ray Stevens sang about in his comical song "Doctor Doctor (Have Mercy On Me)." We saw this play out recently when it was reported that a Patch Tuesday roll out was causing boot problems on some systems with certain antivirus software installed, and the list of affected AV software appears to be growing. Image Source: Flickr via Rory Finneren Originally, Microsoft only said that the update was conflicting with some machines that have Sophos Endpoint Protection installed. Sophos also acknowledged the problem, saying it had received reports of PCs failing...
Read more...
Another day, another update fiasco that Microsoft and its partners must battle through. Earlier this week, Microsoft issued another round of monthly “Patch Tuesday” updates, but things didn’t go so swiftly for those that have Sophos Endpoint Protection installed on their systems. Sophos acknowledged the problem on its support website this morning, writing, “Sophos has received reports of computers failing to boot. Sophos is actively investigating this issue and will update this article when more information is available.” According to Sophos, all versions of its Endpoint and server licenses are affected. In addition, the Patch Tuesday updates are causing widespread...
Read more...
Microsoft seems to be having a bad run of luck with its Windows updates as of late. By now you are probably familiar with the various issues that affected the October Update for Windows 10, such as a file deletion bug that prompted Microsoft to pause the update's roll out. Well, it turns out users are seeing problems in Windows 7 as well. Image Source: Flickr via Andrew Mason Earlier this week, Microsoft issued its Patch Tuesday updates to Windows PCs, as it does on the second Tuesday of every month. Typically those go without too much trouble, and that appears to the be the case on Windows 10. On Windows 7, however, some system administrators report a couple of annoying issues, one of which...
Read more...
Windows is more secure today than it was at the beginning of the week. That is how it typically goes after the second Tuesday of each month, otherwise known as Patch Tuesday, when Microsoft doles out a collection of security updates and fixes. This particular Patch Tuesday saw Microsoft dish out 54 bug fixes, including 17 deemed Critical. As far as Patch Tuesday collections go, this one is about average, both in the overall number of fixes and those that are Critical. Of those that fell into the latter category, 15 of them addressed issues with Edge and Internet Explorer, along with technologies associated with both browsers. Critical patches address flaws that can be remotely exploited by a...
Read more...
Every second Tuesday of every month Microsoft releases a batch of security updates to keep Windows and its core services in tiptop shape. Dubbed Patch Tuesday, yesterday's release for October was a pretty big one in the grand scheme of things (though not as big as the one this past June), containing fixes for dozens vulnerabilities, among them an "important" zero-day flaw in Microsoft Office that hackers have already exploited. The issue in Office relates to memory corruption and affects all supported versions of the productivity suite. By exploiting the security hole, an attacker could send a malicious Office file to a victim and, if opened, would give the attacker the same rights as the user....
Read more...
Microsoft is treating its next Patch Tuesday like a level in Serious Sam where it emerges with guns blazing. Only in this case, instead of taking out extraterrestrials who are intent on destroying all of humanity, Microsoft's mission is to neutralize more bugs than ever before. More specifically, the Patch Tuesday for June will address a record 94 vulnerabilities across multiple versions of Windows. One thing we have seen from Microsoft lately are patches for Windows XP even though it's officially a defunct operating system (at least for consumers). We saw this with the WannaCry ransomware outbreak and again more recently with Microsoft taking a preemptive step to secure Windows XP from future...
Read more...
If you (or your business) for some reason are still running the initial release of the Windows 10 operating system, you might want to think about upgrading to a newer build. Windows 10 was originally launched during the summer of 2015 with version 1507. Since that time, Microsoft has introduced a number of updates including last summer’s Anniversary Update, and the Creators Update which landed last month. Given that Windows 10 v1507 is nearly two years old, Microsoft is reminding users to either upgrade or face exile from future security updates. According to Microsoft, the initial Windows 10 release will receive its final product and security updates via this month’s Patch Tuesday, which rolls...
Read more...
If you’ve been following news coming out of Redmond, Washington this week, something rather unprecedented took place. Microsoft’s regularly-scheduled Patch Tuesday, which includes the usual collection of security fixes and updates, didn’t take place on Valentine’s Day. Instead, Microsoft provided the following statement via its TechNet website: Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates. We apologize...
Read more...
What's that in the air? Could it be the smell of egg nog and pine? Nope, it's Microsoft Patch Tuesday, of course! This month's rollout is rather large and notable for a number of reasons. However, what matters most is that if you're not up-to-date yet, you'll want to take a little trip to the Windows Update section and take care of business. Speaking of business, the advice to update is imperative for those managing user PCs in the enterprise, as this rollout of patches includes a fix for a huge bug Google disclosed one week ago. This bug, called CVE-2016-7255, is a local privilege escalation flaw that is particularly dangerous, as it's been proven to be actively exploited. If you don't want...
Read more...
Brace yourself, Patch Tuesday is coming. This time around, Microsoft released a total of eight security bulletins, three of which are rated Critical and the other five listed as Important. All combined, these eight security updates will patch up 24 Common Vulnerabilities and Exposures (CVEs) in Windows, Office, .NET Framework, .ASP, .NET, and Internet Explorer. Among the fixes is a patch for a vulnerability being exploited by the Sandworm Team, the name given to a group of Russian hackers who have been taking advantage of a particular zero-day security hole that's been shipping in all versions of Windows (save for Windows XP) for the past several years. Image Source: Flickr (Robert Scoble) The...
Read more...
IT admins take notice, you will no longer receive email notifications from Microsoft announcing Patch Tuesday security bulletins. This includes security bulletin advance notifications and summaries, as well as new security advisories and bulletins and major or minor revisions to security advisories and bulletins, Microsoft announced. This change pertains to anyone who opted into a mailing list that Microsoft set up a long while back to alert them to Patch Tuesday updates. "In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website," Microsoft said. In addition, Microsoft rolled out an update to its Windows Update client in order...
Read more...
