will dormann – Computer Security Articles

Microsoft Patch Tuesday, December 2022 Edition

December 14, 2022 admin apple zero-day, cve-2022-41076, cve-2022-44698, cve-2022-44710, cve-2022-44713, Greg Wiseman, immersive labs, kevin breen, Latest Warnings, microsoft patch tuesday december 2022, Powershell, Rapid7, Security Tools, Sophos, Time to Patch, trend micro's zero day initiative, will dormann, windows

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 17:01:07 +0000

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Independent Krebs

When Your Smart ID Card Reader Comes With Malware

May 17, 2022 admin A Little Sunshine, cac reader, cert-cc, david dixon, michael danberry, militarycac.com, saicoo, The Coming Storm, u.s. general services administration, will dormann

Credit to Author: BrianKrebs| Date: Wed, 18 May 2022 01:07:59 +0000

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

Independent Krebs

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

January 13, 2020 admin anne neuberger, cert coordination center, cert-cc, crypt32.dll, microsoft, microsoft cryptoapi, national security agency, NSA, patch tuesday january 2020, Time to Patch, will dormann, windows

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 22:17:47 +0000

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.