Articles about Patch Tuesday

Yesterday was Patch Tuesday, and as such Microsoft released updates to fix a batch of problems with Windows 10.

There are fixes for security issues as well as other niggles, including addressing the PrintNightmare vulnerability. KB5004237 is available for Windows 10 versions 2004, 20H2 and 21H1, while KB5004245 is just for version 1909.

Continue reading →

Another Patch Tuesday has rolled around, and this month sees Microsoft releasing a bumper crop of update for Windows 10. In all, April's updates address a total of 108 flaws, 19 of which are considered Critical.

Four of the critical flaws are Exchange vulnerabilities discovered by the NSA, and there are also fixes for no fewer than five zero days. The patches also include fixes for an incredible 89 Important issues.

Continue reading →

This Patch Tuesday -- the second Tuesday of February, yesterday -- Microsoft released fixes for a slew of Windows 10 flaws. Included among a total of 56 vulnerabilities is a critical zero-day which was being actively exploited to gain admin privileges on victims' systems.

But the fix for CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability) is just one of 11 fixes for critical bugs this month. In addition, Microsoft has fixed two Moderate vulnerabilities, as well as 43 that are marked as Important.

Continue reading →

The latest report from Risk Based Security reveals that the number of vulnerability disclosures this year is back on track to reach or surpass 2019 after a decline in the first quarter.

Earlier in the year there had been a sharp decline of 19.2 percent in the number of vulnerabilities disclosed. But on the latest figures Risk Based Security's VulnDB team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a mere 4.6 percent gap when compared to last year.

Continue reading →

On Patch Tuesday last month, Microsoft kept up its track record of problematic updates. Users who installed KB4557957 or KB4560960 found they were plagued by problems with the Local Security Authority Subsystem Service (LSASS) and forced restarts.

Now the company has pushed out a new update, KB4565503, to address these issues and more.

Continue reading →

As part of this month's Patch Tuesday, Microsoft has issued a fix for a 17-year-old Windows DNS Server vulnerability. Known as SIGRed and tracked as CVE-2020-1350, the flaw is a serious one that has been assigned a CVSS base score of 10.0.

The vulnerability affects all version of Windows Server and is a wormable remote code execution flaw that requires no user interaction. In addition to issuing a critical patch, Microsoft has also provided details of a workaround for anyone who is unable to deploy the fix immediately

Continue reading →

Microsoft stopped supporting Windows XP back into 2014, but took the 'highly unusual' step of releasing a patch for the ancient OS two years ago in a bid to fightback against the WannaCry ransomware, and then included XP in that June’s Patch Tuesday updates.

You’d be forgiven for thinking that that would be the very last time Microsoft patched XP, but no. The software giant has included Windows XP and Windows Server 2003 (also no longer supported) in today’s Patch Tuesday fixes.

Continue reading →

Last month Microsoft made the decision to issue a "highly unusual" patch for Windows XP. Despite the fact the operating system has not been supported for some time, the patch was released in an attempt to thwart the WannaCrypt ransomware attacks.

Now, in an even more unusual move, Microsoft has chosen to include Windows XP in this month's Patch Tuesday. Windows Vista is also included in this batch of security updates which Microsoft says should address the "elevated risk of cyberattacks by government organizations."

Continue reading →

Following the revelation of vulnerabilities in Windows, Internet Explorer and Edge by Google, and the delaying of the traditional Patch Tuesday, Microsoft security update practices have been in the spotlight. Google's Project Zero has exposed security issues that Microsoft is yet to fix, so a third party has decided to step in to help out.

A new project going by the name of 0patch has created a "0patch" for a zero-day, addressing the Windows gdi32.dll memory disclosure (CVE-2017-0038) yet to be fixed by Microsoft. As the issue is unlikely to receive an official patch until at least the middle of March, this third-party option is all that's available for now.

Continue reading →

Patch Tuesday occurs on the second Tuesday of every month, and is when Microsoft releases security patches for all supported versions of Windows.

However, due to a "last minute issue," Microsoft was unable to push out the patches for February, and made the decision to delay them until next month, a move that understandably didn’t go down all that well with customers, and even led to Google publishing details of an unpatched Windows bug.

Continue reading →

For the past several years, Microsoft has released security patches on the second Tuesday of the month -- the so-called Patch Tuesday.

However, Microsoft missed the date this month and now says the new patches won’t arrive until the middle of next month.

Continue reading →

There we are: the last Patch Tuesday of 2015. It turns out to be about average, with maybe a bit more severity in the bulletins than usually. We have eight critical bulletins in the total 12, including one that fixes a 0-day vulnerability, currently in use by attackers to escalate privileges in Windows. 0-days used to be very rare occasions, but this year they have become almost mainstream.

After all the year started off with a string of 0-days in Adobe Flash and since then we have seen almost every month a patch for a vulnerability that is already under attack. Definitely a sign of the increasing technical capabilities that attackers are wielding and a reminder that IT Managers should not only patch their systems promptly, but also look for additional robustness.

Continue reading →

Keeping devices secure means ensuring that they're up to date with the latest software patches. For IT managers this can present a major logistical problem, especially where different operating systems are in use.

IT management systems specialist Shavlik is launching a new version of its Shavlik Protect patch management solution, as well as Empower, a platform that aggregates data to give IT departments more insight into and control over their systems.

Continue reading →

Earlier in the week, Google managed to raise the ire of Microsoft by publishing details of a vulnerability in Windows before a patch had been published. Now the same thing has happened again, but this time it's a double whammy. Google Security Research has revealed two more security holes that Microsoft is yet to fix.

Just as was the case a few days ago, Microsoft had been warned about the security problems and Google agreed to keep details private for a period of 90 days. Now the three months is up, details of the security issues have been automatically published, running the risk that users could be targeted.

Continue reading →

After last month's blizzard of patches tomorrow's last round of Windows updates for the year looks set to be rather quieter.

Only seven bulletins have been announced, of which three are rated Critical and four Important. Of the Critical patches one is for Internet Explorer, one for Office and one for Windows itself -- likely to be for a remote code execution vulnerability.

Continue reading →