Credit to Author: Paul Ducklin| Date: Mon, 11 Jul 2022 18:27:10 +0000
An Office anti-malware setting that took more than 20 years to arrive… and fewer than 20 weeks to vanish again.
Read more
Credit to Author: Greg Lambert| Date: Fri, 15 Jul 2022 12:04:00 -0700
Though we get a reprieve from Exchange updates in this month’s Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft’s new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)
Though the numbers are still quite high (with 86+ reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.
Credit to Author: Paul Ducklin| Date: Thu, 14 Jul 2022 16:47:47 +0000
Latest episode – listen now! Great discussion, technical content, solid advice… all covered in plain English.
Read more
Credit to Author: Susan Bradley| Date: Mon, 11 Jul 2022 08:56:00 -0700
On July 8, Microsoft pulled back from its decision in February to block macros in Excel documents by default. Microsoft had said it would block Excel files that contained macros if they were downloaded from the internet. (Malicious actors use these lures as a way to launch attacks on networks; specifically, ransomware and other types of malicious activity can launched from a plain, old malicious spreadsheet.)
Microsoft still plans to put this blocking in place, but only after “a better experience.” In the meantime, there are actions you can take now so you won’t need to worry about the change in the future.
If you work for a firm that’s developed spreadsheets for your own internal office use, chances are the spreadsheet does not have a digital signature. Signing machos is similar to how websites use SSL certificates to validate the site is legit. The hardest part of the self-signing process is deciding whether you want to purchase a code-signing certificate or use the self-signed certificate process. (I can tell you from personal experience that trying to purchase a code-signing certificate is an expensive and cumbersome process. I don’t recommend that option, except for large enterprises where the code-signing process is routine.)
Credit to Author: Paul Ducklin| Date: Mon, 11 Jul 2022 13:27:10 +0000
An Office anti-malware setting that took more than 20 years to arrive… and fewer than 20 weeks to vanish again.
Read moreCredit to Author: Christopher Boyd| Date: Mon, 11 Jul 2022 09:12:17 +0000
We waited three decades for macro blocking…and now it’s going away again!
The post Microsoft appears to be rolling back Office Macro blocking appeared first on Malwarebytes Labs.
Read more
Credit to Author: Evan Schuman| Date: Thu, 07 Jul 2022 03:00:00 -0700
Microsoft is backing away from its public support for some AI-driven features, including facial recognition, and acknowledging the discrimination and accuracy issues these offerings create. But the company had years to fix the problems and didn’t. That’s akin to a car manufacturer recalling a vehicle rather than fixing it.
Despite concerns that facial recognition technology can be discriminatory, the real issue is that results are inaccurate. (The discriminatory argument plays a role, though, due to the assumptions Microsoft developers made when crafting these apps.)
Let’s start with what Microsoft did and said. Sarah Bird, the principal group product manager for Microsoft’s Azure AI, summed up the pullback last month in a Microsoft blog.
Credit to Author: Malwarebytes Labs| Date: Mon, 20 Jun 2022 09:49:33 +0000
The most important and interesting computer security stories from the last week.
The post A week in security (June 13 – June 19) appeared first on Malwarebytes Labs.
Read more
Credit to Author: Greg Lambert| Date: Fri, 17 Jun 2022 12:09:00 -0700
June’s Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are oo Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.
Credit to Author: Paul Ducklin| Date: Thu, 16 Jun 2022 16:52:55 +0000
Lastest epsiode – listen now!
Read more