Windows – Page 6 – PossibleThreat Articles

Patch now to address critical Windows zero-day flaw

January 13, 2023 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

The first Patch Tuesday of the year from Microsoft addresses 98 security vulnerabilities, with 10 classified as critical for Windows. One vulnerability (CVE-2023-21674) in a core section of Windows code is a zero-day that requires immediate attention. And Adobe has returned with a critical update, paired with a few low-profile patches for the Microsoft Edge browser.

We have added the Windows and Adobe updates to our “Patch Now” list, recognizing that this month’s patch deployments will require significant testing and engineering effort. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this January update cycle.

To read this article in full, please click here

Security Sophos

January 2023 patch roundup: Microsoft tees up 98 updates

January 10, 2023 0 Comments 3d builder, adobe reader, cve-2023-21531, cve-2023-21552, cve-2023-21559, cve-2023-21674, cve-2023-21678, cve-2023-21743, exp/2321552-a, exp/2321674-a, featured, Microsoft, Patch Tuesday, sharepoint, sophos x-ops, threat research, Windows, windows 7, x-ops

Credit to Author: Angela Gunn| Date: Wed, 11 Jan 2023 02:05:40 +0000

Adobe greets the new year with patches for 18 vulns in Reader, Acrobat, and others; sun sets on the last of Win7, 8, RT support

MalwareBytes Security

New device? Here’s how to safely dispose of your old one

January 5, 2023 0 Comments Android, Apple, back up, chromebook, devices, iPad, iPhone, mac, news, recycle, reset, Windows

Categories: Android

Categories: Apple

Categories: News

Tags: devices

Tags: recycle

Tags: back up

Tags: reset

Tags: android

Tags: mac

Tags: apple

Tags: iphone

Tags: ipad

Tags: windows

Tags: chromebook

Before we hand down, sell on, or recycle our old device we will want to make sure all personal data are backed up and deleted from the device. Here’s how…

ComputerWorld Independent

The trials and tribulations of Microsoft’s KB5012170 patch

December 19, 2022 0 Comments Microsoft, Security, small and medium business, Windows

KB5012170 is many things to many Windows users. First, it’s a patch that either installs with no problems or leads to a blue screen of death (BSOD). It can also be an indicator we have a problem getting updated drivers on our systems. It can demonstrate how users don’t keep up with Bios updates. And it shows that some OEMs enable Bitlocker on the systems they sell (not necessarily in a good way).

In short, it’s a problematic patch that just keeps rearing its head.

Also known as “Security Update for Secure Boot DBX,” KB5012170 was released earlier this year and makes improvements to the Secure Boot Forbidden Signature Database (DBX). Windows devices that have Unified Extensible Firmware Interface (UEFI)-based firmware have Secure Boot enabled. It ensures only trusted software can be loaded and executed on during the boot process by using cryptographic signatures to verify the integrity of the process and the software being loaded.

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday: Two zero-day flaws in Windows need immediate attention

December 16, 2022 0 Comments Microsoft, Security, small and medium business, Windows

Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday: Two zero-day flaws in Windows zero-days immediate attention

December 16, 2022 0 Comments Microsoft, Security, small and medium business, Windows

To read this article in full, please click here

Independent Krebs Security

Microsoft Patch Tuesday, December 2022 Edition

December 14, 2022 0 Comments apple zero-day, cve-2022-41076, cve-2022-44698, cve-2022-44710, cve-2022-44713, greg wiseman, immersive labs, kevin breen, Latest Warnings, microsoft patch tuesday december 2022, PowerShell, rapid7, security tools, sophos, Time to Patch, trend micro's zero day initiative, will dormann, Windows

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 17:01:07 +0000

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Security Sophos

Signed driver malware moves up the software trust chain

December 13, 2022 0 Comments 2022-12, adv220005, burntcigar, byovd, cuba ransomware, driver signature enforcement, drivers, featured, Patch Tuesday, sbom, security operations, signed drivers, sophos x-ops, supply chain compromise, threat research, whcp, whql, Windows, x-ops

Credit to Author: Andrew Brandt| Date: Tue, 13 Dec 2022 18:00:15 +0000

The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate WHCP certificate

ComputerWorld Independent

Patch Tuesday includes 6 Windows zero-day flaws; patch now!

November 11, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we have added both the Windows and Exchange Server updates to our “Patch Now” schedule. Microsoft also published a “defense in depth” advisory (ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.

To read this article in full, please click here

Security Sophos

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

November 10, 2022 0 Comments bust, cryptocurrency, Exploit, Law & order, Microsoft, Naked Security Podcast, Patch Tuesday, Podcast, Privacy, vulnerability, Windows

Credit to Author: Paul Ducklin| Date: Thu, 10 Nov 2022 17:26:34 +0000

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks – listen now!