Windows – Page 7 – PossibleThreat Articles

Patch Tuesday, November 2022 Election Edition

November 8, 2022 0 Comments askwoody, cve-2022-41073, cve-2022-41080, cve-2022-41082, cve-2022-41091, cve-2022-41125, cve-2022-41128, immersive labs, kevin breen, Microsoft, microsoft patch tuesday november 2022, sans internet storm center, satnam narang, tenable, Time to Patch, Windows, windows print spooler

Credit to Author: BrianKrebs| Date: Wed, 09 Nov 2022 01:50:14 +0000

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

ComputerWorld Independent

How to protect your privacy in Windows 10

November 7, 2022 0 Comments Privacy, small and medium business, Windows, Windows 10

There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft’s operating system crosses the privacy line or just want to make sure you safeguard as much of your personal life as possible, we’re here to help. Here’s how to protect your privacy in just a few minutes.

Note: This story has been updated for Windows 10 version 22H2. If you have an earlier release of Windows 10, some things may be different.

Turn off ad tracking

At the top of many people’s privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person’s interests that is used by a variety of companies to target ads.

To read this article in full, please click here

ComputerWorld Independent

Zero-day flaws mean it's time to patch Exchange and Windows

October 17, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

This month’s Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.

To read this article in full, please click here

ComputerWorld Independent

Zero-days flaws mean it's time to patch Exchange and Windows

October 14, 2022 0 Comments Microsoft, Microsoft Office, Security, small and medium business, Windows

To read this article in full, please click here

Security Sophos

Serious Security: Microsoft Office 365 attacked over feeble encryption

October 14, 2022 0 Comments Cryptography, ecb, Microsoft, office, Windows

Credit to Author: Paul Ducklin| Date: Fri, 14 Oct 2022 16:59:25 +0000

How 2022 is your encryption?

Security Sophos

Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!

October 12, 2022 0 Comments 0 day, Exploit, Microsoft, Patch Tuesday, vulnerability, Windows

Credit to Author: Paul Ducklin| Date: Wed, 12 Oct 2022 16:58:26 +0000

There’s a zero-day patch, but it’s not for the zero-day you thought.

ComputerWorld Independent

Critical zero-days make September's Patch Tuesday a 'Patch Now' release

September 16, 2022 0 Comments Microsoft, Security, small and medium business, Windows

With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month’s Patch Tuesday release gets a “Patch Now” priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)

To read this article in full, please click here

ComputerWorld Independent

When Windows updating goes bad — the case of the problematic patch

September 6, 2022 0 Comments Security, small and medium business, Windows, Windows 10, windows 11

Credit to Author: Susan Bradley| Date: Tue, 06 Sep 2022 04:08:00 -0700

Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you’re located). And each month, most users all apply the same updates.

But should we?

Case in point: KB5012170, a patch released on Aug. 9 that either causes no issues — or triggers Bitlocker recover key requests or won’t install at all, demanding that you go find a firmware update. This patch, called the Security update for Secure Boot DBX, applies to nearly all supported Windows releases. Specifically, it affects Windows Server 2012; Windows 8.1 and Windows Server 2012 R2; Windows 10, version 1507; Windows 10, version 1607 and Windows Server 2016; Windows 10, version 1809 and Windows Server 2019; Windows 10, versions 20H2, 21H1, and 21H2; Windows Server 2022; Windows 11, version 21H2 (original release), and Azure Stack HCI, version 1809, all the way to Azure Stack Data Box, version 1809 (ASDB).

To read this article in full, please click here

ComputerWorld Independent

Patch Tuesday update addresses 123 vulnerabilities, two critical zero-days

August 13, 2022 0 Comments Microsoft, Security, small and medium business, Windows

Credit to Author: Greg Lambert| Date: Sat, 13 Aug 2022 04:58:00 -0700

Microsoft’s August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it’s back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.

The first (CVE-2022-34713) occurs in the Windows diagnostic tools and the second (CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it’s time to pay attention to Microsoft updates again. We have made “Patch Now” recommendations for Windows, Exchange and Adobe for this month.

To read this article in full, please click here

ComputerWorld Independent

Microsoft urges Windows users to run patch for DogWalk zero-day exploit

August 10, 2022 0 Comments Security, small and medium business, Windows

Credit to Author: Charlotte Trueman| Date: Wed, 10 Aug 2022 07:37:00 -0700

Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.

The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.

To read this article in full, please click here