Microsoft – Page 29 – PossibleThreat Articles

The mess behind Microsoft’s yanked UEFI patch KB 4524244

February 20, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Thu, 20 Feb 2020 06:23:00 -0800

Remember the warning about watching how sausage is made? This is an electronic sausage-making story with lots of dirty little bits.

First, the chronology. On February’s Patch Tuesday, Microsoft released a bizarre standalone security patch, KB 4524244, which was then called “Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: Feb. 11, 2020.” The name has changed, but bear with me.

The original problems with KB 4524244

That patch had all sorts of weird hallmarks as I discussed at the time:

To read this article in full, please click here

Security Sophos

Nearly half of hospital Windows systems still vulnerable to RDP bugs

February 20, 2020 0 Comments BlueKeep, dejablue, Government security, Medical Devices, Microsoft, nhs, Operating Systems, security threats, vulnerability, Windows, wormable, worms

Credit to Author: Danny Bradbury| Date: Thu, 20 Feb 2020 13:58:46 +0000

Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/wGhEwriWtkU” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

Dump Windows 7 already! Jeez!

February 18, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 18 Feb 2020 07:00:00 -0800

Why am I still writing about Windows 7? It’s dead, Jim! The tombstone reads, “June 22, 2009 – January 14, 2020.” It was a good run, but unless you’re shelling out some serious coin for Windows 7 Extended Security Updates (ESU), you shouldn’t be running Windows 7.

But many of you are. According to the best survey of who’s running what, the U.S. government’s Digital Analytics Program (DAP), on Feb. 14, weeks after Win7’s end of life, just over one in 20 of Windows users was still using Windows 7! Oh, come on! More than 5%! A dead and buried OS! Get with the program!

To read this article in full, please click here

Security Sophos

Corp.com is up for sale – check your Active Directory settings!

February 14, 2020 0 Comments active directory, corp.com, dns, domain naming system, domain sale, domains, Microsoft, mike o'connor, security threats, Windows

Credit to Author: Danny Bradbury| Date: Fri, 14 Feb 2020 10:51:44 +0000

An old, dormant domain is going on sale – and the results could be catastrophic for enterprises with common Active Directory misconfigurations.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/eNE2lUuM6GI” height=”1″ width=”1″ alt=””/>

Security Sophos

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

February 13, 2020 0 Comments Adobe, Adobe Flash, Internet Explorer, Microsoft, Operating Systems, Patch Tuesday, Patching, RDP, vulnerability, Web Browsers, Windows, zero-day vulnerability

Credit to Author: John E Dunn| Date: Thu, 13 Feb 2020 12:52:59 +0000

Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/JI_KRna6j1I” height=”1″ width=”1″ alt=””/>

Security Sophos

Mozilla issues final warning to websites using TLS 1.0

February 12, 2020 0 Comments Apple, chrome, Edge, firefox, Google, Google Chrome, Microsoft, Microsoft Edge, Mozilla, netscape, Safari, ssl/tls, TLS, tls 1.0, Web Browsers

Credit to Author: John E Dunn| Date: Wed, 12 Feb 2020 16:13:57 +0000

From March, the Firefox, Chrome, Safari and Edge browsers will show warnings when users visit websites that only support TLS versions 1.0 or 1.1.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/3oMQ9dp5jKA” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

Thought you already paid for Win7 Extended Security Updates? Think again.

February 12, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Wed, 12 Feb 2020 05:43:00 -0800

I’m hearing lots of complaints from people who spent good money to get Win7 Extended Security Updates, but don’t see this month’s patches. There’s a reason why. Microsoft didn’t bother to tell us that you need a new patch, released yesterday, in order to start receiving Win7 ESU updates. You have to download the new patch, KB 4538483, from the Microsoft Catalog, and install it manually before the updates even appear.

Folks who spent money to get the February and later patches are livid.

Yesterday, after releasing the February updates, Microsoft modified its ESU Procedure page to add this step:

To read this article in full, please click here

Security Sophos

February, 2020 Patch Tuesday brings a century of updates to Microsoft, Adobe products

February 11, 2020 0 Comments acrobat, Adobe, flash, Microsoft, Patch Tuesday, SophosLabs Uncut, Windows

Credit to Author: SophosLabs Offensive Security| Date: Tue, 11 Feb 2020 20:50:22 +0000

For this second Patch Tuesday of 2020, Microsoft has released a hundred patches to Windows and other Microsoft software, including 12 vulnerabilities flagged as Critical, and 87 flagged as Important. In addition, Adobe also published updates for its Flash Player, Acrobat, Framemaker, Experience Manager, and Digital Editions products in notifications timed to coincide with Microsoft’s […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/zpsWY9HeJhU” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

For Patch Tuesday, verify you have 'Pause Updates' enabled

February 11, 2020 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Mon, 10 Feb 2020 12:13:00 -0800

Remember the frenzy after last month’s Patch Tuesday? How everybody and his twice-removed cousin — even the N forkin’ SA — told you to get patched immediately because of this big, spooky Crypto API security hole that was supposed to bring down Windows As We Know It, like, right now?

Guess what. It never materialized.

To read this article in full, please click here

ComputerWorld Independent