(Insider Story)

Read more

Browser updates are back for the May's Patch Tuesday

Credit to Author: Greg Lambert| Date: Fri, 14 May 2021 12:37:00 -0700

With 55 updates, three publicly reported vulnerabilities and reported public exploits for Adobe Reader, this week’s Patch Tuesday update will require some time and testing before deployment. There are some tough testing scenarios (we’re looking at you, OLE) and kernel updates make for risky deployments. Focus on the IE and Adobe Reader patches — and take your time with the (technically challenging) Exchange and Windows updates.

Speaking of taking your time, if you’re still Windows 10 1909, this is your last month of security updates. 

The three publicly disclosed vulnerabilities this month include:

To read this article in full, please click here

Read more

For Windows, it’s ‘squirrel away time’

Credit to Author: Susan Bradley| Date: Mon, 03 May 2021 04:51:00 -0700

It’s that semi-annual time of the year we in AskWoody land call “squirrel away time” — time to make sure you have a copy of the ISO currently installed on your computer in case you need to reinstall it. There are a number of ways to get older versions of Windows by using a trick publicized on the Thurrott.com site. But the easiest way to grab a copy of, say, 20H2 is to go to the software download site, download a copy and store it on a spare hard drive, flash drive or external USB drive.

To read this article in full, please click here

Read more

The Patch Tuesday focus for April: Windows and Exchange (again)

Credit to Author: Greg Lambert| Date: Fri, 16 Apr 2021 10:57:00 -0700

On Tuesday, MIcrosoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest “Patch Now” rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included ahelpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.

To read this article in full, please click here

Read more

Microsoft provides Exchange Server defensive tool to help SMBs stymie zero-day attacks

Credit to Author: Gregg Keizer| Date: Wed, 17 Mar 2021 08:19:00 -0700

Microsoft Tuesday issued instructions and a one-click tool to small businesses with on-premises Exchange servers to patch the vulnerability first disclosed by the company March 2, and which criminals have been using to spy on victims’ communications as well as gain access to other parts of their networks.

“We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,” Microsoft said in a post to a company blog attributed to the MSRC (Microsoft Security Research Center) Team.

To read this article in full, please click here

Read more

Patch Exchange now, and test your Windows updates

Credit to Author: Greg Lambert| Date: Fri, 12 Mar 2021 10:08:00 -0800

If it weren’t for the serious security issues surrounding on-premise Microsoft Exchange servers (CVE-2021-2685, CVE-2021-27065, CVE-2021-26857 and CVE-2021-26858), I would say things look pretty good for this month’s Patch Tuesday. There are still things to test on the desktop, including printing, remote desktop connections via VPNs, and graphically intensive operations. And while the other lower-rated Microsoft Office and Development platform updates require attention, they don’t require a rapid response and can be added to the regular testing regime and deployment cadence.

To read this article in full, please click here

Read more

What's not to love with this month’s Patch Tuesday?

Credit to Author: Greg Lambert| Date: Fri, 12 Feb 2021 09:23:00 -0800

With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you’d be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numbers for updates and patches, four vulnerabilities have been publicly disclosed and we are seeing a growing number of reports of exploits in the wild.

In short: this is a big, important update that will require immediate attention and a rapid response to testing and deployment.

For example, Microsoft has just released an out-of-band update to fix a Wi-Fi issue that is leading to Blue Screens of Death (BSODs). Somebody is going to run into trouble unless this gets fixed fast. We have included a helpful infographic that this month looks a little lopsided (again), as all of the attention should be on the Windows components

To read this article in full, please click here

Read more

Patch Tuesday, Good Riddance 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 Dec 2020 23:47:38 +0000

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

Read more