Get the January 2020 Patch Tuesday patches installed

Credit to Author: Woody Leonhard| Date: Fri, 24 Jan 2020 13:27:00 -0800

Read more

Microsoft Patch Alert: January 2020 patches look relatively benign

Credit to Author: Woody Leonhard| Date: Thu, 23 Jan 2020 07:17:00 -0800

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

To read this article in full, please click here

Read more

Don’t worry about CurveBall just yet — get your Citrix systems patched

Credit to Author: Woody Leonhard| Date: Tue, 21 Jan 2020 08:03:00 -0800

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.” 

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781. 

To read this article in full, please click here

Read more

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

Credit to Author: Woody Leonhard| Date: Fri, 17 Jan 2020 06:42:00 -0800

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor’s nine-year-old, even the bleeping NSA. It’s a little patch. Why not just install it and be done with it?

To read this article in full, please click here

Read more

Windows 7 end of support: Separating the bull from the horns

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 13:20:00 -0800

No, Windows 7 isn’t dead.

No, you don’t need to buy a Win10 computer. 

No, you don’t need to upgrade.

No, you don’t need to install the latest Win7 patches right away.

No, Microsoft isn’t withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren’t disappearing.

No, your Internet Service Provider won’t kick you off your network for using Win7.

To read this article in full, please click here

Read more

Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 07:26:00 -0800

Get ready for your local news station’s weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. “Remarkable” specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems.

To read this article in full, please click here

Read more