Friday, July 11, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

microsoft

ComputerWorldIndependent
admin

March 2019 Windows and Office patches poke a few interesting places

Credit to Author: Woody Leonhard| Date: Wed, 13 Mar 2019 06:21:00 -0700

Patch Tuesday has come and gone, not with a bang but a whimper. As of this moment, early Wednesday morning, I don’t see any glaring problems with the 124 patches covering 64 individually identified security holes. But the day is yet young.

There are a few patches of note.

Two zero days

Microsoft says that two of this month’s security holes — CVE-2019-0797 and CVE-2019-0808 — are being actively exploited. The latter of these zero days is the one that was being used in conjunction with the Chrome exploit that caused such a kerfuffle last week, with Google urging Chrome browser users to update right away, or risk the slings of nation-state hackers. If you’ve already updated Chrome (which happens automatically for almost everybody), the immediate threat has been thwarted already.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft Patch Alert: After a serene February, Microsoft plops KB 4023057 into the Update Catalog

Credit to Author: Woody Leonhard| Date: Fri, 01 Mar 2019 07:50:00 -0800

Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that’s excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a “hallelujah” from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog

You’ve heard me talk about KB 4023057 many times, most recently in January. It’s a mysterious patch that Microsoft calls an “update reliability improvement” whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft opens top-tier Defender ATP security to Windows 7 PCs

Credit to Author: Gregg Keizer| Date: Mon, 25 Feb 2019 08:28:00 -0800

Microsoft’s Windows Defender Advanced Threat Protection (ATP) service is now available for PCs running Windows 7 and Windows 8.1.

The decision to add devices powered by those operating systems was first announced a year ago. At the time, Microsoft said ATP’s Endpoint Detection & Response (EDR) functionality would be available for the older OSes by summer 2018.

Windows Defender ATP is a service that detects ongoing attacks on corporate networks, then follows up to investigate the attack or breach and provides response recommendations and attack remediation. Software baked into Windows 10 detects attacks, while a central management console allows IT administrators to monitor the status of covered devices and react if necessary. Adding the EDR client software to Windows 7 and Windows 8.1 PCs gives enterprise IT the same visibility into those machines as it has had into Windows 10 systems.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft delays Windows 7's update-signing deadline to July

Credit to Author: Gregg Keizer| Date: Tue, 19 Feb 2019 13:03:00 -0800

Microsoft has revised its schedule to dump support for an outdated cryptographic hash standard by postponing the deadline for Windows 7.

Microsoft, like other software vendors, digitally “signs” updates before they are distributed via the Internet. SHA-1 (Secure Hash Algorithm 1), which debuted in 1995, was declared insecure a decade later, but it was retained for backward-compatibility reasons, primarily for Windows 7. Microsoft wants to ditch SHA-1 and rely only on the more-secure SHA-2 (Secure Hash Algorithm 2).

Late last year, Microsoft said that it would update Windows 7 and Windows Server 2008 R2 SP1 (Service Pack 1) this month with support for SHA-2. Systems running those operating systems would not receive the usual monthly security updates after April’s collection, slated for release April 9, Microsoft promised at the time.

To read this article in full, please click here

Read More
MalwareBytesSecurity
admin

Businesses: It’s time to implement an anti-phishing plan

Credit to Author: Malwarebytes Labs| Date: Wed, 13 Feb 2019 16:54:28 +0000

If your organization doesn’t have an anti-phishing plan in place, it’s time to start thinking about one. Here’s what to tell your employees and customers about phishing attacks.

Categories:

Tags:

(Read more…)

The post Businesses: It’s time to implement an anti-phishing plan appeared first on Malwarebytes Labs.

Read More
ComputerWorldIndependent
admin

It's time to block Windows Automatic Updating

Credit to Author: Woody Leonhard| Date: Mon, 11 Feb 2019 05:15:00 -0800

Those of you who feel it’s important to install Windows and Office patches the moment they come out – I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you’ll drop by AskWoody.com and tell us all about them.

For those who feel that, given Microsoft’s track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft’s Security Response Center says that only a tiny percentage of patched security holes get exploited within 30 days of the patch becoming available.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft: Watch out for zero days; deferred patches, not so much

Credit to Author: Woody Leonhard| Date: Fri, 08 Feb 2019 08:32:00 -0800

Matt Miller’s presentation at Blue Hat yesterday included some startling statistics, based on data gathered by Microsoft’s Security Response Center. The numbers starkly confirm what we’ve been saying for years: The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days is tiny compared to all the other ways of getting clobbered.

To read this article in full, please click here

Read More