Video Screencast Help

Security Response

Showing posts tagged with Microsoft Patch Tuesday
Showing posts in English
Robert Keith | 14 Dec 2010 19:21:07 GMT

Hello and welcome to this month’s blog on the Microsoft patch release. This is another large release —the vendor is releasing 17 bulletins covering a total of 40 vulnerabilities.

Eight of the issues are rated ‘Critical’ and they affect Internet Explorer and the OpenType Font (OTF) format driver. The remainder of the issues are rated ‘Important’ or ‘Moderate’ and affect Publisher, Office, SharePoint, Windows, Windows kernel, Exchange, and Hyper-V. Included in this patch release is a fix for the last of the vulnerabilities Stuxnet was exploiting, the Windows Task Scheduler issue.

 As always, customers are advised to follow these security best practices:

-     Install vendor patches as soon as they are available.

-     Run all software with the least privileges required while still maintaining functionality.

-     Avoid handling files from...

Robert Keith | 09 Nov 2010 19:50:44 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a relatively light month —the vendor is releasing three bulletins covering a total of 11 vulnerabilities. One of the issues is rated “Critical” and it affects Microsoft Office when handling malicious RTF (rich text format) files. The remainder of the issues are rated ‘Important’ and affect Office, PowerPoint, and Forefront Unified Access Gateway (UAG). As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.

- Run all software with the least privileges required while still maintaining functionality.

- Avoid handling files from unknown or questionable sources.

- Never visit sites of unknown or questionable integrity.

- Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the...

Robert Keith | 12 Oct 2010 21:24:12 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is, by far, the largest Patch Tuesday release since the start of the program. The vendor is releasing 16 bulletins covering a total of 49 vulnerabilities, including one of the zero-day vulnerabilities used by the Stuxnet threat.

Five of the issues are rated “Critical” and affect Internet Explorer, Embedded OpenType Fonts, .NET, and Media Player. The majority of the issues being addressed this month affect Excel (13 issues), Office (11 issues), and Internet Explorer (10 issues). The remaining issues affect Windows kernel-mode drivers, SChannel, OpenType Fonts, Shared Cluster Disks, Common Control Library, Local Procedure Call (LPC), Microsoft Foundation Classes (MFC), Active Template Library, Sharepoint, and Groove.

 As always, customers are advised to follow these security best practices:
 
-     Install vendor patches as soon as...

Robert Keith | 14 Sep 2010 19:43:49 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is an average size month for releases —the vendor is releasing nine bulletins covering a total of 11 vulnerabilities.

Four of the issues are rated “Critical” and affect Windows, Office, and Outlook. Of particular note is the issue in the Windows Print Spooler service. That issue is currently being exploited by the Stuxnet malware and can be exploited remotely to completely compromise an affected computer. The remaining issues, rated “Important”, affect Windows, WordPad, and Internet Information Services (IIS).

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.

- Run all software with the least privileges required while still maintaining functionality.

- Avoid handling files from unknown or questionable sources.

- Never visit sites of unknown or...

Robert Keith | 10 Aug 2010 20:00:40 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This month’s release is the largest bulletin count since the start of the Patch Tuesday program, and a tie for the largest number of vulnerabilities addressed—the vendor is releasing 14 bulletins covering a total of 34 vulnerabilities.

Fourteen of the issues are rated “Critical” and affect Windows, SMB Server, Internet Explorer, Word, and Silverlight. Of particular note, the SMB Server issue can be exploited remotely, without authentication, to completely compromise an affected computer. The remaining issues, rated “Important” and “Moderate,” affect SMB Server, Windows, Word, and Excel.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources....

Robert Keith | 13 Jul 2010 18:06:47 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing four bulletins covering a total of five vulnerabilities.

Four of the issues are rated “Critical” and affect Help and Support Center, Access, and the Canonical Display Driver. The Help and Support Center issue was originally made public on June 10 of this year, and has seen in-the-wild exploit attacks. The remaining issue, rated “Important,” affects Outlook and can be exploited to bypass Outlook’s detection of unsafe file types when dealing with attachments. All of the issues are client-side, and require an attacker to trick a victim into performing some action in order to exploit.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid...

Robert Keith | 08 Jun 2010 19:35:22 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly busy month—the vendor is releasing 10 bulletins covering a total of 34 vulnerabilities.

Six of the issues are rated “Critical” and affect Data Analyzer ActiveX, Internet Explorer 8 Developer Tools, Internet Explorer, and Windows. All of the “Critical” issues are client-side and can result in remote code-execution in the context of the currently logged-in user if an attacker can trick an unsuspecting victim into performing some action. There are also a record number of issues affecting Excel, with 14 vulnerabilities being discovered in that program, 13 of which are remote code execution.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or...

Robert Keith | 11 May 2010 17:55:51 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing two bulletins covering a total of two vulnerabilities.

Both of the issues are rated “Critical” and affect Windows Mail, Windows Live Mail, Outlook Express, Office, and Visual Basic for Applications (VBA). Both issues are client-side and can result in remote code-execution in the context of the currently logged-in user if an attacker can trick an unsuspecting victim into performing some action.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key...

Robert Keith | 13 Apr 2010 18:57:25 GMT

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly busy month—the vendor is releasing 11 bulletins covering a total of 25 vulnerabilities.

Nine of the issues are rated “Critical” and affect SMB client, Media Services, DirectShow, Media Player, and Windows Authenticode Signature Verification. The SMB and Windows Authenticode Signature Verification vulnerabilities have the potential to result in a complete system compromise upon successful exploitation. The remaining issues are rated “Important” and “Moderate” and affect ISATAP, Exchange, VBScript, Publisher, Visio, and the Windows kernel.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of...