20 years after Gates’ call for trustworthy computing, we’re still not there

Credit to Author: Susan Bradley| Date: Mon, 17 Jan 2022 03:42:00 -0800

Do you feel more secure? Is your computing experience more trustworthy these days?

Seriously — you’re reading this article on a computer or phone, connecting to this site on an internet shared with your Grandma as well as Russian hackers, North Korean attackers, and lots of teenagers  looking at TikTok videos. It’s been 20 years since then-Microsoft CEO Bill Gates wrote his Trustworthy Computing memo where he emphasized security in the company’s products.

So are we actually more secure now?

I’m going to keep in mind the side effects from last week’s Patch Tuesday security updates and consider them in my answer. First, the good news: I don’t see major side effects occurring on PCs not connected to active directory domains (and I haven’t seen any showstoppers in testing my hardware at home). I can still print to my local HP and Brother printers. I can surf and access files. So, while I’m not ready yet to give an all-clear to install the January updates, when I do, I doubt you’ll see side effects.

To read this article in full, please click here

Read more

Patch Tuesday gets off to a busy start for January

Credit to Author: Greg Lambert| Date: Fri, 14 Jan 2022 12:10:00 -0800

For this week’s Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them as zero-days. Microsoft has fixed a lot of security related issues and is aware of several known issues that may have inadvertently caused significant server issues including:

  • Hyper-V, which no longer starts with the message, “Virtual machine xxx could not be started because the hypervisor is not running.”
  • ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
  • And Windows domain controller boot loops.

There are a variety of known issues this month, and I’m not sure whether we’ll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.

To read this article in full, please click here

Read more

Windows security in ’22 — you need more than just antivirus software

Credit to Author: Susan Bradley| Date: Mon, 10 Jan 2022 06:10:00 -0800

Do you need antivirus in 2022 — especially when some options now come with a cryptominers built in?

Several antivirus vendors — some options free, others, paid — have begun bundling their antivirus products with software that generates virtual currency. Of all of the requirements for antivirus, using excess cycles on your computer to generate crypto-coins is not on my list of must-haves.

Recently, Krebs on Security noted that both Norton Antivirus and Avira have told users that versions of their respective software now include a cryptominer. While it’s not enabled by default, it still gives me pause; antivirus is supposed to protect us from such potentially unwanted software, and these two vendors are now including it in their wares.

To read this article in full, please click here

Read more

How to manually update Microsoft Defender

Credit to Author: Ed Tittel| Date: Tue, 04 Jan 2022 03:00:00 -0800

Microsoft Defender is the built-in anti-malware package that’s included with modern Windows operating systems. It’s alternatively known as Windows Security (it shows up under Settings as Windows Security) or Windows Defender (sometimes with Antivirus at the end of the name, as in this Microsoft Docs page). But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

To read this article in full, please click here

(Insider Story)

Read more

After a rocky year for patching, a look ahead to ‘22

Credit to Author: Susan Bradley| Date: Mon, 13 Dec 2021 11:38:00 -0800

For Windows users, it’s been a rough year for security vulnerabilities and patches. Now, my view about these kinds of problems is always a bit jaded. I pay attention to what people post about on the Askwoody forums, and they typically don’t say much if they have no problems. All I see are people with issues, not those with systems that install patches and reboot just fine.

That said, Windows servicing still genuinely concerns me at times. Before I look ahead to 2022, I want to dwell a bit on where we are now.

To read this article in full, please click here

Read more

A week in security (Dec 6 – 12)

Credit to Author: abrading| Date: Mon, 13 Dec 2021 12:29:42 +0000

The most important and interesting security stories from the last seven days.

Categories: Malwarebytes news

Tags:

(Read more…)

The post A week in security (Dec 6 – 12) appeared first on Malwarebytes Labs.

Read more

Vulnerability in Windows 10 URI handler leads to remote code execution

Credit to Author: Pieter Arntz| Date: Wed, 08 Dec 2021 14:52:11 +0000

Researchers found a vulnerability in the Windows 10 and 11 ms-officecmd URI handler. When it will be patched is unknown.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post Vulnerability in Windows 10 URI handler leads to remote code execution appeared first on Malwarebytes Labs.

Read more

A look at Microsoft's patches and fixes in 2021 — the year of change

Credit to Author: Susan Bradley| Date: Tue, 07 Dec 2021 09:58:00 -0800

As we near the end of another year, I like to look back at the past 12 months in patching from MIcrosoft. What changed (a lot), what didn’t (patch-related problems). We began 2021 thinking Windows 10 would continue to be serviced and updated as usual, for instance. We end the year knowing different. (I’ll have some predictions for 2022 next week.)

We now know that Windows 10 will not receive updates indefinitely. Earlier this year, Microsoft unveiled Windows 11 and announced it would need certain hardware and Trusted Platform Module installed before machines would receive new OS. Given that most users only have hardware that will support Windows 10, many will be running the older OS until 2025. Microsoft already announced it will be providing security updates for Windows 10 until then and will move to an annual feature release model — matching the cadence for Windows 11. (My prediction for 2025: Microsoft will offer extended security patches for even consumer versions of Windows 10 because so many of us will have still usable machines unable to update to Windows 11. Come back in 2025 and we’ll see if I’m right.)

To read this article in full, please click here

Read more