S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
Credit to Author: Paul Ducklin| Date: Thu, 10 Nov 2022 17:26:34 +0000
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks – listen now!
Read moreWindows
Patch Tuesday, November 2022 Election Edition
Credit to Author: BrianKrebs| Date: Wed, 09 Nov 2022 01:50:14 +0000
Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Read moreHow to protect your privacy in Windows 10
There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft’s operating system crosses the privacy line or just want to make sure you safeguard as much of your personal life as possible, we’re here to help. Here’s how to protect your privacy in just a few minutes.
Note: This story has been updated for Windows 10 version 22H2. If you have an earlier release of Windows 10, some things may be different.
Turn off ad tracking
At the top of many people’s privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person’s interests that is used by a variety of companies to target ads.
Zero-day flaws mean it's time to patch Exchange and Windows
This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
Zero-days flaws mean it's time to patch Exchange and Windows
This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
Serious Security: Microsoft Office 365 attacked over feeble encryption
Credit to Author: Paul Ducklin| Date: Fri, 14 Oct 2022 16:59:25 +0000
How 2022 is your encryption?
Read morePatch Tuesday in brief – one 0-day fixed, but no patches for Exchange!
Credit to Author: Paul Ducklin| Date: Wed, 12 Oct 2022 16:58:26 +0000
There’s a zero-day patch, but it’s not for the zero-day you thought.
Read moreCritical zero-days make September's Patch Tuesday a 'Patch Now' release
With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month’s Patch Tuesday release gets a “Patch Now” priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)
When Windows updating goes bad — the case of the problematic patch
Credit to Author: Susan Bradley| Date: Tue, 06 Sep 2022 04:08:00 -0700
Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you’re located). And each month, most users all apply the same updates.
But should we?
Case in point: KB5012170, a patch released on Aug. 9 that either causes no issues — or triggers Bitlocker recover key requests or won’t install at all, demanding that you go find a firmware update. This patch, called the Security update for Secure Boot DBX, applies to nearly all supported Windows releases. Specifically, it affects Windows Server 2012; Windows 8.1 and Windows Server 2012 R2; Windows 10, version 1507; Windows 10, version 1607 and Windows Server 2016; Windows 10, version 1809 and Windows Server 2019; Windows 10, versions 20H2, 21H1, and 21H2; Windows Server 2022; Windows 11, version 21H2 (original release), and Azure Stack HCI, version 1809, all the way to Azure Stack Data Box, version 1809 (ASDB).
Patch Tuesday update addresses 123 vulnerabilities, two critical zero-days
Credit to Author: Greg Lambert| Date: Sat, 13 Aug 2022 04:58:00 -0700
Microsoft’s August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it’s back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.
The first (CVE-2022-34713) occurs in the Windows diagnostic tools and the second (CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it’s time to pay attention to Microsoft updates again. We have made “Patch Now” recommendations for Windows, Exchange and Adobe for this month.