PossibleThreat Articles

Articles for the experts…

Microsoft

ComputerWorld Independent 

The trials and tribulations of Microsoft’s KB5012170 patch

0 Comments , , ,

KB5012170 is many things to many Windows users. First, it’s a patch that either installs with no problems or leads to a blue screen of death (BSOD). It can also be an indicator we have a problem getting updated drivers on our systems. It can demonstrate how users don’t keep up with Bios updates. And it shows that some OEMs enable Bitlocker on the systems they sell (not necessarily in a good way).

In short, it’s a problematic patch that just keeps rearing its head.

Also known as “Security Update for Secure Boot DBX,” KB5012170 was released earlier this year and makes improvements to the Secure Boot Forbidden Signature Database (DBX).  Windows devices that have Unified Extensible Firmware Interface (UEFI)-based firmware have Secure Boot enabled. It ensures only trusted software can be loaded and executed on during the boot process by using cryptographic signatures to verify the integrity of the process and the software being loaded.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Patch Tuesday: Two zero-day flaws in Windows need immediate attention

0 Comments , , ,

Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

To read this article in full, please click here

Read more
ComputerWorld Independent 

Patch Tuesday: Two zero-day flaws in Windows zero-days immediate attention

0 Comments , , ,

Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft calls time out on Apple Watch Authenticator

0 Comments , , , ,

Using an Apple Watch as a device to authenticate access to enterprise sites and services using Microsoft Authenticator is a convenience that’s about to go away. Microsoft says the feature will stop working after an Authenticator update scheduled for next month.

Apple Watch auth out

Microsoft Authenticator makes it easy to sign into Microsoft accounts, supported apps or services using two-step verification. Authenticator also generates one-time use codes, so you needn’t wait for text messages or calls to access your accounts.

To read this article in full, please click here

Read more
MalwareBytes Security 

Update now! Two zero-days fixed in 2022’s last patch Tuesday

0 Comments , , , , , , , , , , , , , , , , , , ,

Categories: Exploits and vulnerabilities

Categories: News

Tags: patch Tuesday

Tags: Microsoft

Tags: Android

Tags: Apple

Tags: Mozilla

Tags: Google

Tags: Sap

Tags: Citrix

Tags: Fortinet

Tags: Cisco

Tags: CVE-2022-44698

Tags: MotW

Tags: CVE-2022-44710

Tags: race condition

Tags: CVE-2022-44670

Tags: CVE-2022-44676

Tags: CVE-2022-41076

Tags: remote powershell

The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed

(Read more…)

The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.

Read more
Microsoft Security 

Mitigate threats with the new threat matrix for Kubernetes

0 Comments , , , , ,

Credit to Author: Microsoft Security Threat Intelligence| Date: Wed, 07 Dec 2022 17:00:00 +0000

The updated threat matrix for Kubernetes comes in a new format that simplifies usage of the knowledge base and with new content to help mitigate threats.

The post Mitigate threats with the new threat matrix for Kubernetes appeared first on Microsoft Security Blog.

Read more