Microsoft Patch Alert: Welcome to the Upside Down

Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

To read this article in full, please click here

Read more

A new Equation Editor exploit goes commercial, as maldoc attacks using it spike

Credit to Author: Gabor Szappanos| Date: Thu, 18 Jul 2019 16:00:18 +0000

Weaponized RTF documents adopt CVE-2018-0798, another Equation Editor vulnerability<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/ltjXsAajVFc” height=”1″ width=”1″ alt=””/>

Read more

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

Credit to Author: Woody Leonhard| Date: Mon, 01 Jul 2019 04:36:00 -0700

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Patching whack-a-mole continues

Credit to Author: Woody Leonhard| Date: Thu, 30 May 2019 04:16:00 -0700

In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new “Download and install now” feature.

The May 2019 Windows updates have taken so many twists and turns it’s hard to pin things down, but as of Thursday morning, here’s what we’ve seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you’ve chosen for your machine), you’ve been pushed one or two of them. If you’re a “seeker” (and clicked “Check for updates” or downloaded and installed the patches), you’ve had at least two, and maybe three. Got that?

To read this article in full, please click here

Read more

Now’s the time to install the April Windows and Office patches

Credit to Author: Woody Leonhard| Date: Fri, 03 May 2019 07:04:00 -0700

April was a tough month for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 customers who ran specific antivirus products. Blue screens, freezes, slow-as-sludge drippings all bedeviled a large number of Sophos, Avira, Avast, AVG and even McAfee users.

Looks like we’re over that hump, with the AV manufacturers scurrying to fix their wares.

To read this article in full, please click here

Read more

Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing

Credit to Author: Woody Leonhard| Date: Mon, 29 Apr 2019 09:32:00 -0700

You have to wonder who’s testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn’t show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month – the mythical “E week” that Microsoft never talks about – so the month may yet end with both a bang and whimper.

To read this article in full, please click here

Read more

Machine learning hones weapons of maldoc destruction

Credit to Author: Jason Zhang| Date: Tue, 09 Apr 2019 14:49:19 +0000

By Jason Zhang Criminals continue to leverage the features of Adobe&#8217;s PDF document format to engage in malware and phishing attacks, with no sign of a slowdown. Last year at Black Hat USA, I gave a presentation about PDF-based malware detection using machine learning. We discovered that the best AV engine could only catch fewer [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/3k1sko1i93Y” height=”1″ width=”1″ alt=””/>

Read more

Microsoft Patch Alert: Most March patches look good

Credit to Author: Woody Leonhard| Date: Mon, 01 Apr 2019 16:04:00 -0700

March was an unusually light patching month – all of Office only had one security patch – and there don’t appear to be any immediate patching worries. Just as in the past few months, Microsoft’s holding off on its second cumulative update for Windows 10 1809, raising hopes that it’s taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.

To read this article in full, please click here

Read more

March 2019 Windows and Office patches poke a few interesting places

Credit to Author: Woody Leonhard| Date: Wed, 13 Mar 2019 06:21:00 -0700

Patch Tuesday has come and gone, not with a bang but a whimper. As of this moment, early Wednesday morning, I don’t see any glaring problems with the 124 patches covering 64 individually identified security holes. But the day is yet young.

There are a few patches of note.

Two zero days

Microsoft says that two of this month’s security holes — CVE-2019-0797 and CVE-2019-0808 — are being actively exploited. The latter of these zero days is the one that was being used in conjunction with the Chrome exploit that caused such a kerfuffle last week, with Google urging Chrome browser users to update right away, or risk the slings of nation-state hackers. If you’ve already updated Chrome (which happens automatically for almost everybody), the immediate threat has been thwarted already.

To read this article in full, please click here

Read more

Microsoft Patch Alert: After a serene February, Microsoft plops KB 4023057 into the Update Catalog

Credit to Author: Woody Leonhard| Date: Fri, 01 Mar 2019 07:50:00 -0800

Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that’s excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a “hallelujah” from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog

You’ve heard me talk about KB 4023057 many times, most recently in January. It’s a mysterious patch that Microsoft calls an “update reliability improvement” whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

To read this article in full, please click here

Read more

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs

Credit to Author: Woody Leonhard| Date: Wed, 30 Jan 2019 09:12:00 -0800

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

To read this article in full, please click here

Read more