Microsoft – Page 36 – PossibleThreat Articles

Credit to Author: Naked Security| Date: Wed, 09 Oct 2019 14:12:59 +0000

Google ha admitido que algunos dispositivos con Android se han vuelto vulnerables recientemente a un grave exploit día cero que la compañía pensó que había reparado definitivamente hace casi dos años. El problema salió a la luz recientemente cuando el Grupo de Análisis de Amenazas (TAG) de Google se enteró de que se estaba utilizando […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/C1QSpGRPTh8″ height=”1″ width=”1″ alt=””/>

Security Sophos

Microsoft fixes drop in number for October, 2019 updates

October 9, 2019 0 Comments Adobe, chakra, ChakraCore, Edge, elevation of privilege, exploits, Microsoft, Patch Tuesday, SophosLabs Uncut, updates, VBscript, vulnerability, Windows

Credit to Author: SophosLabs Offensive Security| Date: Wed, 09 Oct 2019 20:00:31 +0000

A relatively low number of vulnerabilities were addressed in this month’s Windows update rollups<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/kC7qjGbuUh8″ height=”1″ width=”1″ alt=””/>

Security Sophos

October Patch Tuesday: Microsoft fixes critical remote desktop bug

October 9, 2019 0 Comments Azure, cve-2019-1060, cve-2019-1255, cve-2019-1333, cve-2019-1365, cve-2019-1366, cve-2019-1367, cve-2019-1368, CVEs, edge browser, Internet Explorer, Microsoft, Microsoft Edge, Operating Systems, Organisations, Patch Tuesday, Patches, remote code, remote code execution, security threats, Technologies, vulnerability, Web Browsers, Windows

Credit to Author: Danny Bradbury| Date: Wed, 09 Oct 2019 12:14:46 +0000

Microsoft fixed 59 vulnerabilities in October’s Patch Tuesday, including several critical remote code execution (RCE) flaws.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/jWWY6mMadts” height=”1″ width=”1″ alt=””/>

Security Sophos

Microsoft se apresura a arreglar un día cero de Internet Explorer

October 7, 2019 0 Comments actualidad, Internet Explorer, Microsoft, vulnerabilidad

Credit to Author: Naked Security| Date: Thu, 26 Sep 2019 13:28:42 +0000

Los usuarios de Windows siempre tuvieron problemas de seguridad con Internet Explorer, y ahora que se ha reemplazado en Windows 10, es como si ahora estuvieran luchando para vivir de manera segura sin él. Por ejemplo, la prisa de esta semana por parte de Microsoft para corregir dos vulnerabilidades de alta prioridad que afectan a […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/TwVohMC2jCk” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day

October 4, 2019 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Fri, 04 Oct 2019 06:49:00 -0700

You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn’t go out through Windows Update, or through the Update Server.

Sept. 24: Microsoft released “optional, non-security” cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn’t bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they’re “optional” and “Preview,” which means most savvy individuals and companies won’t install them until they’ve been tested.

To read this article in full, please click here

ComputerWorld Independent

Time to install Microsoft's mainstream September patches – and avoid the dregs

October 2, 2019 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Wed, 02 Oct 2019 11:00:00 -0700

It’s a smelter-weight slapdown.

In one corner you have the Chicken Little contingent, which insists that September’s IE zero-day patch must be important because Microsoft marked it as “Exploited: Yes” and memorialized it with an extremely odd patch on a Monday, followed in Keystone Kops fashion with a stumbling trail of follow-ons.

To read this article in full, please click here

ComputerWorld Independent

Post-retirement Windows 7 patches: Not just for the big dogs now

October 2, 2019 0 Comments Microsoft, Security, Windows

Credit to Author: Gregg Keizer| Date: Wed, 02 Oct 2019 05:29:00 -0700

Microsoft on Tuesday changed its plans for selling Windows 7 post-retirement support, saying that it will offer patches-for-a-price to any business, no matter how small, that’s willing to pay.

“Through January 2023, we will extend the availability of paid Windows 7 Extended Security Updates (ESU) to businesses of all sizes,” Jared Spataro, an executive in the Microsoft 365 group, wrote in a post to a company blog.

Microsoft had announced the ESU program in September 2018. Since April, when the company started selling ESU, only customers with volume licensing deals for Windows 7 Enterprise or Windows 10 Professional have been eligible to purchase the support add-on.

To read this article in full, please click here

ComputerWorld Independent

Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming

September 30, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Mon, 30 Sep 2019 10:16:00 -0700

So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.

The fickle finger of zero-day fate

Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:

To read this article in full, please click here

Security Sophos

Outlook on the web bans a further 38 file types

September 30, 2019 0 Comments .ace files, block list, cve-2018-20250, email attachments, file extension, malware, Microsoft, microsoft outlook, outlook, outlook for the web, security threats

Credit to Author: John E Dunn| Date: Mon, 30 Sep 2019 11:56:21 +0000

Outlook on the web bans a further 38 file types<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/9PAQW38fA1c” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

What do we know about the big, scary, exploited, emergency-patched IE security hole CVE-2019-1367?

September 25, 2019 0 Comments Microsoft, Security, Windows

Credit to Author: Woody Leonhard| Date: Wed, 25 Sep 2019 07:29:00 -0700

Microsoft set the patching world on its ear on Monday when it released an “out of band” patch to fix a vulnerability known as CVE-2019-1367. Susan Bradley raised the alarm immediately. I chimed in a few hours later with more details.

To read this article in full, please click here