Items tagged with Patch Tuesday

IT admins take notice, you will no longer receive email notifications from Microsoft announcing Patch Tuesday security bulletins. This includes security bulletin advance notifications and summaries, as well as new security advisories and bulletins and major or minor revisions to security advisories and bulletins, Microsoft announced. This change pertains to anyone who opted into a mailing list that Microsoft set up a long while back to alert them to Patch Tuesday updates. "In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website," Microsoft said. In addition, Microsoft rolled out an update to its Windows Update client in order... Read more...
One could make an argument that Microsoft is the king of mixed messages. Just look at how the Redmond software giant has handled Windows XP over the years -- it was given several reprieves before finally being shunned for support, though it still received an out-of-cycle patch for Internet Explorer to address a serious zero-day bug. However, that was a one-time thing, and in a blog post regarding yesterday's Patch Tuesday roll out, Microsoft made it clear that XP is no longer supported. "For those wondering, Windows XP will not be receiving any security updates today. For some time we have been recommending customers move to a modern operating system like Windows 7 or Windows 8.1 to help stay... Read more...
We're coming up on the second Tuesday of the month, which is when Microsoft rolls out a collection of security updates for Windows and Internet Explorer. Otherwise known as "Patch Tuesday," the one that's coming up tomorrow will be relatively light compared to previous ones as it contains only five security bulletins, however two of them are deemed Critical and three Important, and several of them require a restart. The first Bulletin addresses a zero-day vulnerability affecting IE versions 9 and 10, along with other security fixes for IE versions 6 through 11. This one is deemed Critical because of the zero-day exploit identified by FireEye last month, which was used to infect the U.S. Veterans... Read more...
The long awaited "Update 1" to Windows 8.1 is reportedly scheduled to arrive on the MSDN channel on April 2, 2014, and via Windows Update on April 8, which is Patch Tuesday. Perhaps not coincidentally, Windows 8.1 Update 1 rolls into town just as support for Windows XP is coming to an official close after more than 12 years.of service. Those dates come from Paul Thurrott, owner of Supersite for Windows, who posted the information on Twitter. While that doesn't qualify as being official -- it's not coming directly from Microsoft, in other words -- Thurrott is generally on top of such things. Based on supposed leaks of the update, one of the rumored changes it will introduce is enabling the boot-to-desktop... Read more...
Patch Tuesday is right around the corner (tomorrow, in fact), and in advance of its monthly update package, Microsoft is giving a heads up that this month's will contain three "Critical" patches and five labeled as "Important." A Critical rating is the most severe and indicates a vulnerability whose exploitation could allow code execution without user interaction. One of the Critical security bulletins covers all versions of Internet Explorer on every flavor of Windows. In other words, if you run Windows, you'll need to update (or should, anyway), and yes, this particular one will require a system restart to apply the changes. November's Patch Tuesday will also introduce Important fixes for all... Read more...
Heads-up, if you're running older versions of the Windows operating system, Microsoft Office or Microsoft Lync communication platform software. Microsoft released a security advisory noting that the TIFF (Tagged Image File Format) image handler in some of these older Microsoft software suites is subject to a vulnerability whereby "specially crafted TIFF images" could convince the user to open email messages, files or web content that could be used to exploit the host machine. Microsoft details the remote code execution vulnerability in security advisory 2896666 (evil, eh?) noting: "An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users... Read more...
Microsoft may need to take yet another mulligan on more Patch Tuesday updates that, for some, are causing more problems than they purport to fix. The latest round of updates were supposed to address 14 security flaws, though some users are complaining that certain patches are causing weird and frustrating problems. According to InfoWorld, at least five updates are causing issues. These include KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583. The first of those is not a security patch, but one that's intended to bring more functionality to Office 2013. However, some users are complaining that after installing KB 2817630 (possibly in conjunction with KB 2810009), the folder pane... Read more...
Patch Tuesday is right around the corner – July 9th, in fact – and this month’s patch is bringing several updates that warrant the “Critical” rating, which is Microsoft’s highest rating for update importance. Microsoft is giving IT administrators a heads up with a Security Bulletin Advance Notification that spells out the types of fixes and the software they affect. Microsoft's Upcoming Patch Tuesday Fixes. Image Credit: Microsoft The Critical vulnerability fixes are meant to prevent “remote code execution.” Malicious users can conceivably use these sorts of security vulnerabilities to hack Windows and other software, though the presence of a fix... Read more...
This month's Patch Tuesday will plug up less than a dozen vulnerabilities -- 11, to be exact -- in various flavors of Windows, Microsoft Office, Internet Explorer, and other software, Microsoft announced in a Security Bulletin Advance Notification for April 2012. Microsoft issued half a dozen bulletins in all, the same number as last month, though all but two are rated "Critical" this time around. All four Critical bulletins deal with remote code execution, one of which affects every version of Internet Explorer (6-9) on various platforms, including Windows XP, 2003, 7, and 2008, regardless of whether you're running a 32-bit or 64-bit build. The remaining two bulletins are both deemed "Important,"... Read more...
Microsoft is planning to keep things relatively low-key on March 13th, otherwise known as Patch Tuesday, which will contain only six security bulletins. Only one of those is deemed Critical; the other five consist of four that are labeled Important and one that is rated Moderate. The critical fix applies to all versions of Windows since XP and plugs up a security hole that could allow an attacker to gain control of an infected system remotely. "Organizations will have to reboot after applying the critical patch, which indicates that it is fix for a kernel level bug," said Marcus Carey, a security researcher at Rapid7. "There are two important bulletins that effect the Windows family as well."... Read more...
The second Patch Tuesday of 2012 falls on February 14, otherwise known as Valentine's Day, and instead of a box of chocolates or flowers, Microsoft is giving its users the gift of security via nine security bulletins. Four of the updates are rated Critical and other five are labeled Important by the Redmond software giant. All but one of the Critical bulletins apply to Windows, while the fourth relates to Microsoft's .NET framework and Silverlight platforms. Four of the Important bulletins also apply to Windows, and one plugs up a security hole in Office and Server software. Seven of the nine updates require a restart, and other two might require one, so IT admins will be kept busy at the workplace... Read more...
It's a new year and already the first Patch Tuesday of Microsoft's monthly Windows update schedule has come and gone. If you ignored the update notification sitting your system tray, take a moment to let Windows Update do its thing, and as a reward for kicking procrastination to the curb, Microsoft will get rid of a BEAST that resides on your system. We're not being dramatic, that's in reference to a so-called BEAST SSL security flaw that's among the many patches contained in the seven bulletins for the first Patch Tuesday of 2012. All but one are labeled "Important," and the remaining bulletin -- MS12-004 -- earned a "Critical" designation from Microsoft because of two possible Remote Code Execution... Read more...
Microsoft came ever-so-close to ending the year without a single unscheduled patch outside of its monthly Patch Tuesday routine, but in the end, three "Critical" vulnerabilities found in its .NET Framework prompted the Redmond software giant to take action immediately. Left unpatched, the flaws could allow for the elevation of privileges if an unauthenticated attacker sends a specially crafted Web request to the target site, Microsoft said. "An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register... Read more...
If you have the misfortune of living in an area where dial-up is still the only option, you have our condolences. Not just because dial-up sucks, but also because you're not going to doing much of anything online next Tuesday other than downloading security updates. Microsoft is putting together its biggest patch ever, a record 16 security updates to address 49 vulnerabilities in Windows, Internet Explorer, Office, and Sharepoint. Out of the 16 updates, Microsoft has labeled 4 of them as "Critical," 10 of them "Important," and 2 of them "Moderate." Most of the updates address threats related to Remote Code Execution, and several of them require a restart. "I have a theory about the large October... Read more...
Prev 1 2