Microsoft Patch Tuesday

Remote execution vulnerabilities top Microsoft's October Patch Tuesday

Microsoft Subnet — Tue, 14 Oct 2008 17:29:24 -0400

This month's batch of Microsoft vulnerabilities are centered more on remote execution rather than "visit this evil Web site and get hacked," said Eric Schultze, CTO of Shavlik Technologies, commenting on Microsoft's October Patch Tuesday in which 11 fixes were released. "We are getting into more vulnerabilities that hit the infrastructure, the Windows kernel, Active Directory, protocol overflows.

Read more

Microsoft to release 'exploitability index' with security patches

Microsoft Subnet — Mon, 13 Oct 2008 15:33:25 -0400

Issuing patches monthly or quarterly means IT managers are bombarded with fixes that they need to evaluate and apply as they race against hackers who may be looking at ways to attack systems that are vulnerable - if they hadn't done so already. Microsoft, which tomorrow is expected to issue 11 patches - four of them rated critical, expected to add an "Exploitability Index" to each of the fixes.

Read more

11 patches to come on Patch Tuesday

Microsoft Subnet — Thu, 09 Oct 2008 14:41:47 -0400

Patch Tuesday rolls around all too quickly and the next one will get Microsoft administrators busy. The software giant plans to ship 11 security updates - four of them rated critical, according to this IDG News Service story.

Read more

Microsoft misses one critical patch

Microsoft Subnet — Tue, 12 Aug 2008 16:47:51 -0400

Microsoft has held back one critical patch today because of quality issues, reports Network World's John Fontana. The software giant last week said it would issue seven patches this month, but the patch for for IE (MS08-045) - a combination of five privately reported vulnerabilities and one publicly disclosed vulnerability - won't be available until September. Let's hope the vulnerabilities won't be actively exploited before then.

Read more

Microsoft Patch Tuesday does not fix critical Access bug

SecurityBlog — Tue, 08 Jul 2008 17:54:32 -0400

Microsoft Patch Tuesday is upon us with four "important" fixes for SQL, Windows Explorer, DNS and Outlook Web Access for Exchange Server. But there's no fix for a critical bug in Access that is currently being exploited by hackers. Microsoft isn't saying much about the specific flaw, only that it affects "all supported versions of Microsoft Office Access except Microsoft Access 2007" and lies in the Snapshot Viewer ActiveX control. Attackers are exploiting the vulnerability by luring targets to a malicious Web site, where visitors using Internet Explorer will pick up malicious code that exploits the flaw.

Read more

Only XP SP3 safe from hacker Windows exploit of a bug patched on Tuesday

Microsoft Subnet — Fri, 11 Apr 2008 19:04:49 -0400

Symantec issued a warning on Friday afternoon via its DeepSight threat service that hackers are working a bug that was patched via Microsoft's April Patch Tuesday. Only Windows XP SP3 is safe, the report says, according to the blog Neowin.net. Hackers are trying to exploit the critical Windows GDI (graphics device interface) bugs. The hole can be accessed through a malformed Windows Metafile or Enhanced Metafile image, Microsoft said.

Read more

Podcast: Security Mike Gets Serious About Security

Mitchell Ashley — Thu, 13 Mar 2008 04:18:53 -0400

A good friend of mine and security expert Mike Rothman, principal at Security Incite, joins me for this week's podcast .

On the podcast, Mike and I talk about the role of patch management and change control in the Microsoft Patch Tuesday process, what the Network Access Protection (NAP) capabilities in Windows Server 2008 means to us, and the impact we've seen from the improvements of Vista's security (including the impact of disabling UAC).

Read more

Killer Patch Tuesday with "important" patches a top priority

Microsoft Subnet — Wed, 13 Feb 2008 10:26:33 -0500

Good thing Microsoft gives users a month between each major update!

Read more

Microsoft readying slew of critical updates for next week

Microsoft Subnet — Thu, 07 Feb 2008 15:31:01 -0500

A whopping 12 updates are coming at you for the February Patch Tuesday (Feb. 12) Does more equal better? Do these patches mean that Microsoft's security is improving -- as in the company is responding faster to more threats? Or is it an indication that way too many bugs exist in way too many products?

Seven of the 12 are rated critical and affect Windows, Internet Explorer, Office and IE (one critical bug is aimed at VBScript and JScript used by IE). All remaining five updates are rated "important" and affect Vista, Active Directory, Microsoft Works and the IIS Web server.

Cisco security center aims to help network admins cope with Microsoft Patch Tuesday alerts

Cisco Subnet — Tue, 11 Dec 2007 19:52:40 -0500

Dave Goddard writing in Cisco's Security Blog used Microsoft's Patch Tuesday to remind Cisco customers of its redesigned Cisco Security Center site, which includes the IntelliShield Event Responses. As Goddard explains, IntelliShield Event Responses "consolidate Cisco's knowledge and best practices about particular events in a single document.

Read more