Microsoft – Page 4 – PossibleThreat Articles

Patch now! First patch Tuesday of 2024 is here

January 13, 2024 0 Comments cve-2024-20674, cve-2024-20677, cve-2024-20700, Exploits and vulnerabilities, fbx, Hyper-V, kerberos, Microsoft, news, Patch Tuesday

Microsoft’s patch Tuesday roundup looks like a relatively quiet one. Unless your organization uses FBX files.

MalwareBytes Security

Microsoft disables ms-appinstaller after malicious use

January 13, 2024 0 Comments iabs, Microsoft, ms-appinstaller, news, Ransomware, search ads, seo poisoning, Social engineering

Microsoft decided to disable App Installer links by default after it noticed several access brokers using the handler to spread malware.

ComputerWorld Independent

For December, an exceptionally light Patch Tuesday

December 15, 2023 0 Comments Microsoft, Security, small and medium business, Windows

Over the past year, we’ve seen Microsoft make radical improvements in its browser stability and significant positive changes to its Windows update communication and telemetry strategies. And this month’s Patch Tuesday release brings with it an incredibly light set of updates — maybe the fewest number of updates I have ever seen.

There are no zero-days, which is a great finish to 2023, though Windows gets three critical updates and Visual Studio will require immediate attention due to several re-releases of past critical application patches.

The team at Readiness has created a helpful infographic to outline the risks associated with each update in this last release of 2023. One note of caution: we have seen several potential updates to older patches (October/November) potentially coming down the release pipeline from Microsoft. It might be worth checking in during the upcoming holiday break to see whether there are any out-of-band patches for the Windows ecosystem.

To read this article in full, please click here

MalwareBytes Security

Microsoft patches 34 vulnerabilities, including one zero-day

December 13, 2023 0 Comments amd, cve-2023-35628, cve-2023-50164, Exploits and vulnerabilities, Microsoft, mshtml, news

Microsoft and other vendors have released their rounds of December updates on or before patch Tuesday. Update now!

Security Sophos

From Microsoft to you, 33 packages

December 12, 2023 0 Comments DHCP, featured, Microsoft, Patch Tuesday, power platform, threat research

Credit to Author: Angela Gunn| Date: Tue, 12 Dec 2023 22:12:08 +0000

The lightest December Patch Tuesday in years still brings a few lumps of coal for infosec stockings

ComputerWorld Independent

Microsoft to offer extended Windows 10 security updates to businesses, individual users

December 5, 2023 0 Comments Microsoft, Security, Windows 10

Microsoft plans to offer extended security updates to both business and individual Windows 10 users for the first time when the operating system reaches end-of-life in late 2025.

Microsoft encouraged Windows 10 customers to begin plans to migrate to the latest version of the operating system — Windows 11 — last April with the announcement that Windows 10 22H2 would be the final version.

Windows 10 is still the most widely used version of the OS, accounting for 64% of US desktop market share, according to StatCounter’s figures; that compared to 30% for Windows 11.

To read this article in full, please click here

ComputerWorld Independent

Critical zero-day flaws in Windows, Office mean it's time to patch

November 17, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

We are now in the third decade of Microsoft’s monthly Patch Tuesday releases, which deliver fewer critical updates to browsers and Windows platforms — and much more reliable updates to Microsoft Office — than in the early days of patching. But this month, the company rolled out 63 updates (including fixes for three zero-days in Windows and Office).

Updates to Microsoft Exchange and Visual Studio can be included in standard patch release cycles, while Adobe needs to be included in your “Patch Now” releases for third-party applications.

The team at Readiness has provided a detailed infographic that outlines the risks associated with each of the updates for November.

To read this article in full, please click here

Security Sophos

A November rain of patches from Microsoft

November 16, 2023 0 Comments Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Thu, 16 Nov 2023 18:08:02 +0000

A collection of 57 CVEs for twelve product families is literally only half of the story this month

ComputerWorld Independent

‘Data poisoning’ anti-AI theft tools emerge — but are they ethical?

October 30, 2023 0 Comments Artificial intelligence, Emerging Technology, generative ai, Intel, legal, Microsoft, natural language processing, regulation, Security

Technologists are helping artists fight back against what they see as intellectual property (IP) theft by generative artificial intelligence (genAI) tools whose training algorithms automatically scrape the internet and other places for content.

The fight over what constitutes fair use of content found online is at the heart of what has been an ongoing court battle. The fight goes beyond artwork to whether genAi companies like Microsoft and its partner, OpenAI, can incorporate software code and other published content into their models.

To read this article in full, please click here

Security Sophos

Patch Tuesday harvests a bumper crop in October

October 11, 2023 0 Comments curl, cve-2023-38545, cve-2023-44487, featured, libcurl, Microsoft, Patch Tuesday, threat research

Credit to Author: Angela Gunn| Date: Wed, 11 Oct 2023 18:06:24 +0000

Two significant vulnerabilities – both extending far beyond Microsoft – make this a crucial month for admins to stay on their game