Microsoft Patch Alert: January 2020 patches look relatively benign

Credit to Author: Woody Leonhard| Date: Thu, 23 Jan 2020 07:17:00 -0800

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

To read this article in full, please click here

Read more

Microsoft Patch Alert: December patches hang Win7 Pro endpoints and force Server 2012 reboots

Credit to Author: Woody Leonhard| Date: Mon, 06 Jan 2020 09:55:00 -0800

It was the kind of month admins dread: Mysterious problems on hundreds of machines, with no apparent cause or cure. Toss in the holidays, and we had a whole lot of Mr. and Ms. Grinches in the industry.

Fortunately, it looks like the problems have been sorted out at this point. Individual users had many fewer problems. Microsoft’s left and right hands still aren’t talking on the 1909 team, but what else is new…

Win7 hang on ‘Preparing to configure Windows’

Microsoft dropped a new Servicing Stack Update for Windows 7 on Dec. 10, and it gummed up the works for many. Here’s a good summary on Reddit from poster Djaesthetic:

To read this article in full, please click here

Read more

A Lighter-than-normal Patch Tuesday for December, 2019

Credit to Author: alexandrebecholey| Date: Wed, 11 Dec 2019 00:36:22 +0000

There may be a smaller overall tally of things to fix this month than in recent update cycles, but at least one bug is being exploited in the wild<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gu6tev4DC1Q” height=”1″ width=”1″ alt=””/>

Read more

Microsoft Patch Alert: November patches behave themselves – with a few exceptions

Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).

To read this article in full, please click here

Read more

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

Credit to Author: Woody Leonhard| Date: Tue, 29 Oct 2019 12:18:00 -0700

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

To read this article in full, please click here

Read more

A week in security (September 30 – October 6)

Credit to Author: Malwarebytes Labs| Date: Mon, 07 Oct 2019 15:43:53 +0000

A roundup of the latest cybersecurity news for the week of September 30 – October 6, including National Cybersecurity Awareness Month, Magecart, and more.

Categories:

Tags:

(Read more…)

The post A week in security (September 30 – October 6) appeared first on Malwarebytes Labs.

Read more

Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming

Credit to Author: Woody Leonhard| Date: Mon, 30 Sep 2019 10:16:00 -0700

So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.

The fickle finger of zero-day fate

Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:

To read this article in full, please click here

Read more

Microsoft Patch Alert: Full of sound and fury, signifying nothing

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

To read this article in full, please click here

Read more