Articles about Patch Tuesday

Next week's round of Patch Tuesday updates from Microsoft is set to be the biggest so far this year with 16 bulletins in total, five of which are rated Critical and nine as Important.

Most of the Critical bulletins are for Windows components and affect a range of supported systems. Karl Sigler, Threat Intelligence Manager at Trustwave says, "If you are currently running a supported version of Windows, you will want to update as soon as these updates become available. These are some of the nastier vulnerabilities we've seen in Windows in a while".

Continue reading →

As all Windows users will know, the second Tuesday in each month means it's patch time. So that system admins don’t get caught out Microsoft has published its advanced notification ahead of August's Patch Tuesday.

So what can we expect to see in this round of updates? There are nine bulletins in total for software including Internet Explorer, Windows and Office. Two are rated "critical" as they allow for remote code execution.

Continue reading →

It’s Patch Tuesday, and Microsoft has issued six security bulletins including two which are rated "critical" and allow for Remote Code Execution (RCE), and three which are labeled "important" and allow for elevation of privilege inside Windows. The final patch is rated "moderate" and fixes a Denial of Service vulnerability in the Service Bus for Windows.

The patches affect all versions of Internet Explorer, as well as most versions of Windows. XP users are at risk from these vulnerabilities, but are not covered by the updates.

Continue reading →

January's Patch Tuesday has seen only four bulletins, with no Critical ones (hooray!) and no patches for Internet Explorer. However, the four bulletins are rated Important and users should apply the related patches as soon as possible.

According to security specialist Trustwave two of the vulnerabilities result in a privilege elevation and a third involves remote code execution utilizing an Office document.

Continue reading →

This week, November 12th to be precise, is that holiday we have come to call Patch Tuesday. It's the day when Microsoft rolls out fixes for bugs, both small and large, in its software, from Windows to Office and more. This month's releases are of particular interest, not because of what the company is fixing, but what it has chosen to leave unpatched.

November's update includes eight patches, three of which have been tagged as 'critical'. Microsoft even promises it "will host a webcast to address customer questions on the security bulletins on November 13, 2013, at 11:00 AM Pacific Time".

Continue reading →

Next week’s Patch Tuesday will see a number of security patches for Windows 8.1 including three that get the top Critical rating. According to Microsoft’s advanced notification on TechNet the three critical updates address remote code execution issues in Windows and Internet Explorer.

There are also five more updates flagged as Important, three for Windows and two for Office. The three Critical bulletins also apply to Windows XP and will be among the last for the 12-year-old operating system before support ends in April next year.

Continue reading →

Tomorrow is what is commonly known as Patch Tuesday in the lands of Microsoft and Adobe. It's the time of the month when the two software giants attempt to fix the bugs and security holes in their software by issuing a series of updates that are intended to benefit users. The practice of waiting to issue these updates is debatable, especially when exploits are available in the wild.

These updates, at least in the case of Microsoft, can also cause as much harm as good. Given that possibility, security company GFI issued an advisory in advance of the upcoming patches. "In light of the reboot loop problems resulting from the Microsoft patches issued in April, businesses need to have the ability to test patches, or have a trusted third-party test them, before deploying on corporate networks and PCs, in order to minimize potential downtime caused by a faulty patch"  says Cristian Florian, product manager at GFI Software.

Continue reading →

For the most part Microsoft's Windows updates, known as Patch Tuesday, aim to fix problems as opposed to causing them. That is not always the case, and the most recent update, which took place this week, is a shining example of what happens when good intentions go bad.

On April 9th Microsoft released two "critical" security updates and seven others rated as "important" for both Windows and Internet Explorer as part of its latest round of updates, collectively covering 14 issues. However one of those fixes, labeled KB2823324 and aimed at the Windows 7 file system kernel-mode driver, went badly for some customers. The result was reports of blue screens of death (BSOD) and also infinite reboots.

Continue reading →

Windows Update is supposed to keep Surface RT shipshape, particularly Security Tuesday updates. But the January 8 bundle causes problems for some Surface users, and Microsoft acknowledges there is an issue.

In an offical statement given to BetaNews: "Some Windows RT customers who attempted to apply monthly security bulletins had issues installing updates. Specifically, impacted Windows RT devices went into connected standby mode during the installation of updates from Windows Update, causing Windows Update to be disrupted. We apologize for any inconvenience this may have caused and are working to correct the issue".

Continue reading →

Patch Tuesday came and went last week without Microsoft addressing a glaring error -- a zero-day flaw in Internet Explorer versions 6 through 8 that attackers use to gain control of a computer. The defect did not affect IE versions 9 and 10, which have been called more secure by some experts.

Now the company is rolling out an uncharacteristic out-of-cycle patch to fix the bug. This follows a manual fix the company released earlier to help users of these legacy browsers protect themselves from attack.

Continue reading →

Welcome to the second Tuesday of the month, the day that has become universally known in tech circles as Patch Tuesday. It is that one day when Microsoft chooses to reach out and touch our computers in an effort to fix whatever has gone wrong or been exploited over the past month. Even during the Consumer Electronics Show we cannot escape Microsoft -- Steve Ballmer made a surprise appearance on stage last night, and now there is this.

For January 2013 there are several fixes in store for customers. There is of course the obligatory Malicious Software Removal Tool update, which appears almost every month. The tool works in the background in an effort to keep PC's safe. Most customers never know it is there because it does not appear in any app list, but if needed, you can launch it from "Run" by typing "MRT".

Continue reading →

Cloud IT management platform Panorama9 on Tuesday introduced Mac patch management to its pay-as-you-go solution, unifying Windows and Mac OS patch deployment in its IT dashboard.

We first looked at Panorama9 in October when the company added Mac and Linux support to its contract-free asset and compliance management platform. The service itself is still very new, and is rapidly growing its functionality in the interest of providing small and medium sized businesses affordable cloud IT services.

Continue reading →

Microsoft's monthly Patch Tuesday is not until January 10, but the company is not waiting to patch a critical flaw in computers with the ASP.NET framework installed. The issue affects all currently supported versions of Windows, according to a security bulletin from the company.

According to Microsoft's description of the flaw, an issue exists in how the framework handles certain web request. If an attacker sends a request in a certain way, it could allow for elevation of privilege that may result in the execution of arbitrary code. The flaw is not easy to exploit, however, as the attacker needs to know some information about the victim.

Continue reading →

Microsoft's patch Tuesday has fallen on state- and local election day this month, and as such, is relatively lightweight, with just one "critical" bulletin, two "important," and one "moderate."

The critical bulletin (MS11-083) is for a TCP/IP vulnerability that could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a Vista SP2 (32- and 64-bit,) Windows Server 2008 SP2 (32-bit, x64, Itanium,) Windows 7 for x64-based systems, or Windows Server 2008 R2 SP1 (x64, Itanium) system.

Continue reading →

Download Adobe Reader 9.3 for Windows from Fileforum now.

Usually on a Patch Tuesday, the discussion turns to Microsoft; but amid a very light round of Windows fixes, it's Adobe in the spotlight today. Last month, a serious and potentially easily exploitable vulnerability was found in a JavaScript API call, DocMedia.NewPlayer -- a situation where an intentionally crafted PDF file could invoke the call, deallocate the memory allocated when the media player is generated, and then execute the code in that de-allocated memory, without need for privilege.

Continue reading →