For Windows, it’s ‘squirrel away time’

Credit to Author: Susan Bradley| Date: Mon, 03 May 2021 04:51:00 -0700

It’s that semi-annual time of the year we in AskWoody land call “squirrel away time” — time to make sure you have a copy of the ISO currently installed on your computer in case you need to reinstall it. There are a number of ways to get older versions of Windows by using a trick publicized on the Thurrott.com site. But the easiest way to grab a copy of, say, 20H2 is to go to the software download site, download a copy and store it on a spare hard drive, flash drive or external USB drive.

To read this article in full, please click here

Read more

The Patch Tuesday focus for April: Windows and Exchange (again)

Credit to Author: Greg Lambert| Date: Fri, 16 Apr 2021 10:57:00 -0700

On Tuesday, MIcrosoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest “Patch Now” rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included ahelpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.

To read this article in full, please click here

Read more

Microsoft provides Exchange Server defensive tool to help SMBs stymie zero-day attacks

Credit to Author: Gregg Keizer| Date: Wed, 17 Mar 2021 08:19:00 -0700

Microsoft Tuesday issued instructions and a one-click tool to small businesses with on-premises Exchange servers to patch the vulnerability first disclosed by the company March 2, and which criminals have been using to spy on victims’ communications as well as gain access to other parts of their networks.

“We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,” Microsoft said in a post to a company blog attributed to the MSRC (Microsoft Security Research Center) Team.

To read this article in full, please click here

Read more

Patch Exchange now, and test your Windows updates

Credit to Author: Greg Lambert| Date: Fri, 12 Mar 2021 10:08:00 -0800

If it weren’t for the serious security issues surrounding on-premise Microsoft Exchange servers (CVE-2021-2685, CVE-2021-27065, CVE-2021-26857 and CVE-2021-26858), I would say things look pretty good for this month’s Patch Tuesday. There are still things to test on the desktop, including printing, remote desktop connections via VPNs, and graphically intensive operations. And while the other lower-rated Microsoft Office and Development platform updates require attention, they don’t require a rapid response and can be added to the regular testing regime and deployment cadence.

To read this article in full, please click here

Read more

What's not to love with this month’s Patch Tuesday?

Credit to Author: Greg Lambert| Date: Fri, 12 Feb 2021 09:23:00 -0800

With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you’d be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numbers for updates and patches, four vulnerabilities have been publicly disclosed and we are seeing a growing number of reports of exploits in the wild.

In short: this is a big, important update that will require immediate attention and a rapid response to testing and deployment.

For example, Microsoft has just released an out-of-band update to fix a Wi-Fi issue that is leading to Blue Screens of Death (BSODs). Somebody is going to run into trouble unless this gets fixed fast. We have included a helpful infographic that this month looks a little lopsided (again), as all of the attention should be on the Windows components

To read this article in full, please click here

Read more

Patch Tuesday, Good Riddance 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 Dec 2020 23:47:38 +0000

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

Read more

New Emotet delivery method spotted during downward detection trend

Credit to Author: David Ruiz| Date: Wed, 28 Oct 2020 21:29:47 +0000

Emotet got a superficial facelift this week, hiding itself within a fake request asking users to update Microsoft Word to take advantage of new features.

Categories:

Tags:

(Read more…)

The post New Emotet delivery method spotted during downward detection trend appeared first on Malwarebytes Labs.

Read more

Microsoft Patch Alert: October 2020

Credit to Author: Woody Leonhard| Date: Thu, 22 Oct 2020 04:32:00 -0700

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here

Read more