Patch Tuesday News, Articles and Updates
Adobe Experience Manager received a "hotfix" to patch four vulnerabilities that could allow cross scripting attacks.
The software giant said one of the seven bulletins addresses critical vulnerabilities in Word.
Next week's monthly patch batch from Microsoft is not very burdensome, but it includes a new requirement that certificates must contain RSA key lengths of more than 1,024 bits.
Microsoft is prepping fixes for 10 vulnerabilities, with researchers' expecting the highest-priority fixes to involve issues in Internet Explorer and Exchange.
A Windows vulnerability that Microsoft patched back in April continues to be used in targeted attacks against political, industrial and defense organizations.
In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.
Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, but it is unclear if a zero-day vulnerability in XML Core Services, which is under active exploit, will be remediated.
As part of its regularly scheduled patch release, Microsoft issued fixes for gaping vulnerabilities in Internet Explorer and Remote Desktop Protocol. The software giant also released a new feature that, in the wake of the Flame virus, enables certificates to be automatically updated.
The fixes are set to address 25 vulnerabilities, covering Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX and the .NET Framework.
Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
Microsoft on Tuesday plans to dispense seven patches to correct 23 security vulnerabilities.
Administrators better hurry to patch at least one vulnerability, in Windows Common Controls, that is being used in limited but targeted exploits.
Get ready IT administrators: Scheduled patches from Microsoft -- and Adobe -- are set to arrive on Tuesday.
A severe vulnerability in the Remote Desktop Protocol, which was patched by Microsoft on Tuesday along with six other bugs, affects all versions of Windows and could result in a worm.
Microsoft next week plans to release six patches, including one for a "critical" vulnerability affecting all supported versions of the software giant's operating system.
Happy Valentine's Day, IT administrators. Microsoft has showered you with nine security patches to remedy 21 vulnerabilities.
Tuesday's monthly patch batch from Microsoft will be relatively light, with the software giant planning nine fixes -- four rated "critical" -- to address 21 vulnerabilities.
Researchers warned Thursday that a recently patched vulnerability in Windows Media is being used by remote attackers to launch malware.
While Tuesday's security update only contains one fix for a "critical" issue, it addresses a number of issues that could lead to malware infestations.
The security update, which plans to address eight vulnerabilities, will include one "critical" fix.
Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
Microsoft on Tuesday is scheduled to release 14 patches to fix 20 vulnerabilities across its product line.
In an effort to smooth the patching process for users, Microsoft plans to improve its updating mechanism in Windows 8, due out next year.
Microsoft on Tuesday patched one "critical" vulnerability, plus three other less-severe flaws. Not patched, as expected, is a bug related to the Duqu trojan.
Microsoft is prepping four security bulletins for its November update, though it is not expected to provide a fix for the zero-day flaw used to spread Duqu.
Microsoft on Tuesday released eight fixes to address 23 vulnerabilities that lie across its software and operating system components.
The Patch Tuesday bulletins, of which two are rated "critical" and six deemed "important," are due Oct. 11 at about 2 p.m. EST.
Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.
Microsoft on Friday accidentally posted details about Tuesday's scheduled security update. The software giant removed the five "important" bulletins, but not before organizations such as the SANS Internet Storm Center posted a summary of the patches. According to the group, six of the vulnerabilities being patched are in SharePoint, five in Excel, two in Office and one each in Windows and the Windows Internet Name Service (WINS). The Windows, Excel and Office flaws could lead to remote code execution. However, Microsoft has said none of the five patches earned the software giant's most severe designation of "critical." In a tweet, the Microsoft Security Response Center said it has since removed the content about the patches.
Microsoft is readying five "important" security bulletins for Windows and Office, while Adobe plans to release critical updates for Reader and Acrobat.
SC Magazine Articles
- Three zero-days found in iOS, Apple suggests users update their iPhone
- MedSec goes its own way with medical device flaw
- Voter databases in two states breached by foreign hackers, FBI
- Ransomware: The evolution of cybercrime, a roundtable
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!
- SWIFT warns of new attacks, pushes for security upgrades
- Paypal users targeted in new angler phishing scam, Proofpoint report
- Dropbox commended for its handling of massive data breach involving 68M users
- Google refuses to patch alleged login page flaw
- RIPPER malware suspected behind $350K Thailand ATM heist, report