Friday, April 26, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

PCs

ComputerWorld Independent 

Microsoft releases emergency IE patches inside 'optional, non-security' cumulative updates

admin , , ,

Credit to Author: Woody Leonhard| Date: Tue, 24 Sep 2019 12:13:00 -0700

I’ve seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed – the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They’re “optional non-security” and “Monthly Rollup preview” patches, so you won’t get them unless you specifically go looking for them.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Heads up: A free, working exploit for BlueKeep just hit

admin , ,

Credit to Author: Woody Leonhard| Date: Fri, 06 Sep 2019 11:33:00 -0700

There’s been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it’s a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine – if you have Remote Dekstop turned on, it’s accessible directly from the internet, and you haven’t installed the May patches.

Two weeks ago, Susan Bradley posted a CSO article that details ways admins can  avoid using RDP. I’ve seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft Patch Alert: Full of sound and fury, signifying nothing

admin , , , ,

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers

admin , , ,

Credit to Author: Gregg Keizer| Date: Mon, 26 Aug 2019 03:00:00 -0700

Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.

“Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit,” Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.

Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Installing Windows 7 from a backup? You need a BitLocker patch right away

admin , , ,

Credit to Author: Woody Leonhard| Date: Mon, 19 Aug 2019 09:33:00 -0700

No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can’t encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft Patch Alert: Welcome to the Upside Down

admin , , , ,

Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

admin , , , ,

Credit to Author: Woody Leonhard| Date: Mon, 01 Jul 2019 04:36:00 -0700

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft is better at documenting patch problems, but issues abound

admin , ,

Credit to Author: Woody Leonhard| Date: Thu, 13 Jun 2019 03:55:00 -0700

I don’t know about you, but I’ve given up on Microsoft’s ability to deliver reliable patches. Month after month, we’ve seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.

For the past few months, though, we’ve seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they’re pushed. Consider:

To read this article in full, please click here

Read more