Microsoft Patch Alert: October 2020

Credit to Author: Woody Leonhard| Date: Thu, 22 Oct 2020 04:32:00 -0700

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here

Read more

(Insider Story)

Read more

A phenomenal Android privacy feature you probably forget to use

Credit to Author: JR Raphael| Date: Tue, 20 Oct 2020 08:51:00 -0700

It’s amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it’s also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it’s only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate “AHAH!” in this rusty ol’ noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It’s a little somethin’ called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

To read this article in full, please click here

Read more

Zoom's new encryption approach is incremental, but better

Credit to Author: Evan Schuman| Date: Mon, 19 Oct 2020 04:46:00 -0700

Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn’t yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

To read this article in full, please click here

Read more

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday

Credit to Author: Greg Lambert| Date: Mon, 19 Oct 2020 04:09:00 -0700

This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-bound patch was imminent that would change our advice on patch cycles for October. But it appears the final “change” for this release was a relatively minor update to Visual Studio – leading to no change in our recommendations in this benign update.)

To read this article in full, please click here

(Insider Story)

Read more

Is Windows the greatest cyberthreat to the 2020 US election?

Credit to Author: Preston Gralla| Date: Thu, 15 Oct 2020 03:00:00 -0700

If there’s going to be a successful cyberattack on the 2020 U.S election, you can be sure Windows will be involved. It’s the world’s biggest exposed attack vector and the weapon of choice of cybercriminals and intelligence agencies the world over. In addition, the world’s biggest botnets are made up of millions of infected Windows PCs used to launch cyberattacks.

To read this article in full, please click here

(Insider Story)

Read more

With Patch Tuesday here, be sure Windows Update is paused

Credit to Author: Woody Leonhard| Date: Mon, 12 Oct 2020 04:46:00 -0700

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

To read this article in full, please click here

Read more

As Patch Tuesday nears, be sure Windows Update is paused

Credit to Author: Woody Leonhard| Date: Mon, 12 Oct 2020 04:46:00 -0700

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

To read this article in full, please click here

Read more