Saturday, July 5, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

windows

ComputerWorldIndependent
admin

An open letter to Microsoft management re: Windows updating

Credit to Author: Woody Leonhard| Date: Mon, 30 Jul 2018 06:34:00 -0700

From: Susan Bradley

To: Mr. Satya Nadella, Mr. Carlos Picoto and Mr. Scott Guthrie

Dear Sirs:

Today, as Windows 10 turns three years old, I am writing to you to ensure that you are aware of the dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months. The quality of updates released in the month of July, in particular, has placed customers in a quandary: install updates and face issues with applications, or don’t install updates and leave machines subject to attack.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft Patch Alert: Still reeling from one of the worst patching months ever

Credit to Author: Woody Leonhard| Date: Thu, 26 Jul 2018 14:31:00 -0700

If you ever wondered why people — and organizations — are taking longer and longer to willfully install patches, take a look at what happened this month. After a disastrous start, Windows 10 patches seem to be OK, but .NET and Server patches still stink.

For most of the year, we’ve seen two big cumulative updates every month for each of the supported Win10 versions. This month, so far, we’ve had three. Microsoft’s claim that it will install the Win7 and Win8.1 Monthly Rollups defies logic. The .NET patches are in such bad shape that the .NET devs have thrown in the towel. And here we sit not knowing exactly which way is up.

Three Win10 cumulative updates for each version in July

On Patch Tuesday, July 10, as usual, Microsoft rolled out cumulative updates for all of the supported versions of Windows 10. Almost immediately we heard screams of pain as four big bugs, later officially acknowledged, hit the fan. Six days later, Microsoft released a second set of cumulative updates, again for all versions of Win10. Those updates were specifically designed to fix the bugs introduced by the original updates. The build numbers in the Knowledge Base articles didn’t match the build numbers that people actually installed but, well, that’s Microsoft.

To read this article in full, please click here

Read More
MicrosoftSecurity
admin

Attack inception: Compromised supply chain within a supply chain poses new risks

Credit to Author: Windows Defender ATP| Date: Thu, 26 Jul 2018 13:00:13 +0000

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the apps legitimate installer the unsuspecting carrier of a

Read more

Read More
ComputerWorldIndependent
admin

July Windows .Net patches appear, disappear, reappear, disappear again

Credit to Author: Woody Leonhard| Date: Mon, 23 Jul 2018 05:15:00 -0700

Microsoft’s July 2018 series of patching missteps, with .Net security patches in particular, have left many admins in the lurch. Less than two weeks after they were first unleashed, poorly documented versions of the patches now appear to be available, but are not being actively pushed. There’s no indication from Microsoft if and/or when they’ll be fixed.

These patches, originally released on Patch Tuesday, July 10, are baring their FAANGs:

  • KB 4340556 — Security and Quality Rollup updates for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1
  • KB 4340557 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
  • KB 4340558 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2
  • KB 4340559 — Security and Quality Rollup updates for .Net Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008

The patches had been out for less than a day when we started seeing error reports on AskWoody. As I noted on July 12:

To read this article in full, please click here

Read More
MicrosoftSecurity
admin

March-April 2018 test results: More insights into industry AV tests

Credit to Author: Windows Defender ATP| Date: Fri, 20 Jul 2018 19:30:38 +0000

In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TESTs January-February 2018 test cycle. We released a transparency report to help our customers and the broader security community to stay informed

Read more

Read More
ComputerWorldIndependent
admin

Microsoft dives down a bizarre non-cumulative rabbit hole with July patches

Credit to Author: Woody Leonhard| Date: Fri, 20 Jul 2018 09:02:00 -0700

Read More
ComputerWorldIndependent
admin

Stung by a festering pile of bugs on Patch Tuesday, MS releases 27 more patches

Credit to Author: Woody Leonhard| Date: Tue, 17 Jul 2018 09:21:00 -0700

In what is becoming a common occurrence, Microsoft’s Patch Tuesday brought along so many bugs that they necessitated a remediation round. This month, unusually, it took only six days to get the exterminators out.

Since these fixes are aimed at four specific bugs introduced on Patch Tuesday, they don’t include the massive patches normally appearing on the second Patch Whateverday of the month. My guess is we’ll see at least one more big set of Windows patches before the month is out. Oh, boy.

Windows July patches, version 2

Yesterday, Monday, July 16, Microsoft released 27 new security patches for Windows, bringing the total number of patches so far this month up to 156. The new patches fall into six separate groups:

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft yanks buggy Office 2016 patch KB 4018385, republishes all of this month’s patch downloads

Credit to Author: Woody Leonhard| Date: Fri, 13 Jul 2018 06:43:00 -0700

As I reported yesterday, the July 2018 Windows and Office patches teem with bugs. We’re just beginning to see the fallout.

The July 3 non-security Office 2016 patch KB 4018385 is officially yanked. If you don’t recall KB 4018385 — a small patch in a sea of Office fixes — the original KB article describes it thusly:

To read this article in full, please click here

Read More