Here's an easier way to block the IE XXE zero day security hole

Credit to Author: Woody Leonhard| Date: Thu, 18 Apr 2019 09:57:00 -0700

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

It’s a doozy of a security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Most March patches look good

Credit to Author: Woody Leonhard| Date: Mon, 01 Apr 2019 16:04:00 -0700

March was an unusually light patching month – all of Office only had one security patch – and there don’t appear to be any immediate patching worries. Just as in the past few months, Microsoft’s holding off on its second cumulative update for Windows 10 1809, raising hopes that it’s taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.

To read this article in full, please click here

Read more

Microsoft to start selling Windows 7 add-on support April 1

Credit to Author: Gregg Keizer| Date: Tue, 05 Mar 2019 12:06:00 -0800

Microsoft plans to start selling its Windows 7 add-on support beginning April 1.

Labeled “Extended Security Updates” (ESU), the post-retirement support will give enterprise customers more time to purge their environments of Windows 7. From Windows 7’s Jan. 14, 2020 end of support, ESU will provide security fixes for uncovered or reported vulnerabilities in the OS.

Patches will be issued only for bugs rated “Critical” or “Important” by Microsoft, the top two rankings in a four-step scoring system.

To read this article in full, please click here

Read more

Microsoft Patch Alert: After a serene February, Microsoft plops KB 4023057 into the Update Catalog

Credit to Author: Woody Leonhard| Date: Fri, 01 Mar 2019 07:50:00 -0800

Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that’s excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a “hallelujah” from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog

You’ve heard me talk about KB 4023057 many times, most recently in January. It’s a mysterious patch that Microsoft calls an “update reliability improvement” whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

To read this article in full, please click here

Read more

It's time to block Windows Automatic Updating

Credit to Author: Woody Leonhard| Date: Mon, 11 Feb 2019 05:15:00 -0800

Those of you who feel it’s important to install Windows and Office patches the moment they come out – I salute you. The Windows world needs more cannon fodder. When the bugs come out, as they inevitably will, I hope you’ll drop by AskWoody.com and tell us all about them.

For those who feel that, given Microsoft’s track record of pernicious patches, a bit of reticence is in order, I have some good news. Microsoft’s Security Response Center says that only a tiny percentage of patched security holes get exploited within 30 days of the patch becoming available.

To read this article in full, please click here

Read more

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs

Credit to Author: Woody Leonhard| Date: Wed, 30 Jan 2019 09:12:00 -0800

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Mystery patches for IE and Outlook 2013 leave many questions, few answers

Credit to Author: Woody Leonhard| Date: Fri, 21 Dec 2018 08:21:00 -0800

Just when you’re ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn’t pass the smell test.

Mysterious bug fix for IE

Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809KB 4483235 – build 17763.195

To read this article in full, please click here

Read more

Microsoft delivers emergency patch for under-attack IE

Credit to Author: Gregg Keizer| Date: Wed, 19 Dec 2018 17:26:00 -0800

Microsoft rarely mentions Internet Explorer (IE) anymore, but when it does, it usually means bad news.

So it was Wednesday, when Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne.

According to Microsoft, attackers are already exploiting the vulnerability, making it a classic “zero-day” bug. Because of that, the company released a fix before the next round of security updates scheduled for Jan. 8.

To read this article in full, please click here

Read more

Microsoft Patch Alert: After months of bad news, November’s patching seems positively serene

Credit to Author: Woody Leonhard| Date: Thu, 29 Nov 2018 08:30:00 -0800

By far the most important reason for this month’s relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.

What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes – including two buggy patches that have been pulled and one that’s been fixed – the usual array of Flash excuses and Preview patches.

To read this article in full, please click here

Read more

Amid calls for a Windows bug status dashboard, Microsoft belatedly agrees to build one

Credit to Author: Gregg Keizer| Date: Fri, 16 Nov 2018 02:59:00 -0800

A Windows expert this week urged Microsoft to put its money where its mouth is and produce a status dashboard or website that reports and tracks problems with the operating system.

Coincidentally or not, on Wednesday Microsoft said it would launch a “Windows update status dashboard,” but did not name a timetable except for a broad “in the coming year.”

“I can go to this page and see if something happening with Office 365 is just a me thing or if everyone else is seeing the same,” said Susan Bradley in a Nov. 13 email reply to questions, referring to the Office 365 Admin Center. (Note: Only those with administrative credentials have access; it’s not meant to provide information to end users.) “(But) if I want to find out if something is a known issue with Windows 10, I have to dig through – and monitor for changes – these pages,” she continued, listing two separate support documents for one such known issue.

To read this article in full, please click here

Read more

Get 90% Off Your First Year of RemotePC, Up To 50 Computers for $6.95

Credit to Author: DealPost Team| Date: Tue, 13 Nov 2018 09:46:00 -0800

iDrive has activated a significant discount on their Remote access software RemotePC in these days leading into Black Friday. RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work, home or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50 computer package is 90% off or just $6.95 for your 1st year. If you’ve been thinking about remote access solutions, now is a good time to consider RemotePC. Learn more about it here.

To read this article in full, please click here

Read more