Microsoft Patch Alert: January 2020 patches look relatively benign

Credit to Author: Woody Leonhard| Date: Thu, 23 Jan 2020 07:17:00 -0800

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.


Microsoft Patch Alert: December patches hang Win7 Pro endpoints and force Server 2012 reboots

Credit to Author: Woody Leonhard| Date: Mon, 06 Jan 2020 09:55:00 -0800

It was the kind of month admins dread: Mysterious problems on hundreds of machines, with no apparent cause or cure. Toss in the holidays, and we had a whole lot of Mr. and Ms. Grinches in the industry.

Fortunately, it looks like the problems have been sorted out at this point. Individual users had many fewer problems. Microsoft’s left and right hands still aren’t talking on the 1909 team, but what else is new…

Win7 hang on ‘Preparing to configure Windows’

Microsoft dropped a new Servicing Stack Update for Windows 7 on Dec. 10, and it gummed up the works for many. Here’s a good summary on Reddit from poster Djaesthetic:


A Lighter-than-normal Patch Tuesday for December, 2019

Credit to Author: alexandrebecholey| Date: Wed, 11 Dec 2019 00:36:22 +0000

There may be a smaller overall tally of things to fix this month than in recent update cycles, but at least one bug is being exploited in the wild.


Microsoft Patch Alert: November patches behave themselves – with a few exceptions

Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).


Office for Mac 2011 users warned about SYLK file format

Credit to Author: John E Dunn| Date: Tue, 05 Nov 2019 17:14:21 +0000

Still running Office 2011 on a Mac? If so, there are at least two reasons why that might not be a good idea.


Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

Credit to Author: Woody Leonhard| Date: Tue, 29 Oct 2019 12:18:00 -0700

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.


A week in security (September 30 – October 6)

Credit to Author: Malwarebytes Labs| Date: Mon, 07 Oct 2019 15:43:53 +0000

A roundup of the latest cybersecurity news for the week of September 30 – October 6, including National Cybersecurity Awareness Month, Magecart, and more.


The post A week in security (September 30 – October 6) appeared first on Malwarebytes Labs.


Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming

Credit to Author: Woody Leonhard| Date: Mon, 30 Sep 2019 10:16:00 -0700

So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.

The fickle finger of zero-day fate

Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:


Microsoft Patch Alert: Full of sound and fury, signifying nothing

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.


Microsoft Patch Alert: Welcome to the Upside Down

Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.
