Microsoft Patch Alert: November patches behave themselves – with a few exceptions

Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).

To read this article in full, please click here

Read more

DNS-over-HTTPS is coming to Windows 10

Credit to Author: John E Dunn| Date: Thu, 21 Nov 2019 15:22:43 +0000

Microsoft will soon add the ability to use DNS-over-HTTPS and DNS-over-TLS into its networking client.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/KwCTrsw95Kk” height=”1″ width=”1″ alt=””/>

Read more

Microsoft starts releasing fixes for Access bugs introduced in Office security patches this month

Credit to Author: Woody Leonhard| Date: Tue, 19 Nov 2019 06:09:00 -0800

Although we’ve been promised no “C” or “D” week second cumulative updates for the rest of the year — at least for Windows — Microsoft has acknowledged a bug it created in last week’s Patch Tuesday Office patches, and now promises that it’ll update the bad fixes on most machines this week or next. Those are “C” week and “D” week, respectively.

The cause du jour: a bug in all of this month’s Office security patches that throws an error in Access saying, “Query xxxx is corrupt,” when in fact the query in question is just fine. Microsoft describes the erroneous error message on its Office Support site:

To read this article in full, please click here

Read more

Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more 'optional' patches this year

Credit to Author: Woody Leonhard| Date: Wed, 13 Nov 2019 07:59:00 -0800

The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109 

Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:

It sits at “Installing: 0%” for a couple minutes then goes away. When I hit “Check for Updates” it shows up again and does the same thing.

To read this article in full, please click here

Read more

Patch Tuesday targets Hyper-V virtual machines in November, 2019 updates

Credit to Author: SophosLabs Offensive Security| Date: Tue, 12 Nov 2019 17:15:50 +0000

Microsoft released their monthly security updates for November, 2019, this morning. This month, Microsoft said the company fixed a total of 73 vulnerabilities across its product lines. Thirteen of the fixes address problems Microsoft classifies as Critical, the most urgent type of problem to address. The company classified the repair of an additional 59 bugs [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/BBm3ctmT8pE” height=”1″ width=”1″ alt=””/>

Read more

Nvidia patches graphics products and GeForce Experience update tool

Credit to Author: John E Dunn| Date: Tue, 12 Nov 2019 11:58:11 +0000

The update fixes 11 mainly high-severity security flaws in Windows and GeForce graphics card drivers, including three in the program used to update them.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/dRHL2MrNvkw” height=”1″ width=”1″ alt=””/>

Read more

Microsoft urges us to patch after partially effective BlueKeep attack

Credit to Author: Danny Bradbury| Date: Mon, 11 Nov 2019 15:58:08 +0000

Microsoft has urged people to patch their Windows systems following the appearance of mass BlueKeep exploits just over a week ago.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/t3L4UyESmBg” height=”1″ width=”1″ alt=””/>

Read more

Patch Tuesday alert: Make sure Windows Auto Update is temporarily disabled

Credit to Author: Woody Leonhard| Date: Mon, 11 Nov 2019 05:03:00 -0800

For those of you who haven’t patched since May, there’s exceedingly bad news on the horizon. Per Catalin Cimpanu at ZDNet, Metasploit’s working-but-just-barely BlueKeep exploit is about to get a significant bug fix. That’ll put BlueKeep infection capabilities in the hands of mere mortals. The script kiddies won’t be far behind.

If you’re using — or you know someone who’s using — Windows XP, Vista, Win7, Server 2003, Server 2008 or Server 2008 R2, get patched nowThe fix is easy. Even  Aunt Martha can handle it.

To read this article in full, please click here

Read more