Patch Tuesday


July 10, 2018

Patch Tuesday, July 2018 Edition "...14 updates to fix more than 50 security flaws in Windows and associated software."

https://krebsonsecurity.com/2018/07/patch-tuesday-july-2018-edition/

Microsoft and Adobe each issued security updates for their products today. Microsoft’s July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat.

According to security firm Qualys, all but two of the “critical” fixes in this round of updates apply to vulnerabilities in Microsoft’s browsers — Internet Explorer and Edge.


June 12, 2018

Microsoft Patch Tuesday, June 2018 Edition "...updates to fix more than four dozen security holes in Windows...."

https://krebsonsecurity.com/2018/06/microsoft-patch-tuesday-june-2018-edition/

Microsoft today pushed out a bevy of software updates to fix more than four dozen security holes in Windows and related software. Almost a quarter of the vulnerabilities addressed in this month’s patch batch earned Microsoft’s “critical” rating, meaning malware or miscreants can exploit the flaws to break into vulnerable systems without any help from users.

...the most important patched vulnerability is a remote code execution vulnerability in the Windows Domain Name System (DNS), which is present in all versions of supported versions of Windows from Windows 7 to Windows 10 as well as all versions of Windows Server from 2008 to 2016.


May 08, 2018

Microsoft Patch Tuesday, May 2018 Edition "...at least 67 holes in its various Windows operating systems...."

https://krebsonsecurity.com/2018/05/microsoft-patch-tuesday-may-2018-edition/

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness.

Microsoft users will need to install this month’s batch of patches to get the latest Flash version for IE/Edge, where most of the critical updates in this month’s patch batch reside.


April 10, 2018

Adobe, Microsoft Push Critical Security Fixes "...at least 65 security vulnerabilities in Windows...."

https://krebsonsecurity.com/2018/04/adobe-microsoft-push-critical-security-fixes-12/

Adobe and Microsoft each released critical fixes for their products today, a.k.a “Patch Tuesday,” the second Tuesday of every month. Adobe updated its Flash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities in Windows and associated software.

The Microsoft updates impact many core Windows components, including the built-in browsers Internet Explorer and Edge, as well as Office, the Microsoft Malware Protection Engine, Microsoft Visual Studio and Microsoft Azure.


March 13, 2018

Flash, Windows Users: It’s Time to Patch "...updates covering more than 75 vulnerabilities...."

https://krebsonsecurity.com/2018/03/flash-windows-users-its-time-to-patch/

Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release.

The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server.


February 13, 2018

Microsoft Patch Tuesday, February 2018 Edition "...more than 50 serious weaknesses...."

https://krebsonsecurity.com/2018/02/microsoft-patch-tuesday-february-2018-edition/

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.

Some of the scarier bugs include vulnerabilities in Microsoft Outlook, Edge and Office that could let bad guys or bad code into your Windows system just by getting you to click on a booby trapped link, document or visit a compromised/hacked Web page.


January 10, 2018

Microsoft’s Jan. 2018 Patch Tuesday Lowdown "....the 56 vulnerabilities addressed...."

https://krebsonsecurity.com/2018/01/microsofts-jan-2018-patch-tuesday-lowdown/

Microsoft on Tuesday released 14 security updates, including fixes for the Spectre and Meltdown flaws detailed last week, as well as a zero-day vulnerability in Microsoft Office that is being exploited in the wild. Separately, Adobe pushed a security update to its Flash Player software.

Of the 56 vulnerabilities addressed in the January Patch Tuesday batch, at least 16 earned Microsoft’s critical rating, meaning attackers could exploit them to gain full access to Windows systems with little help from users.


December 12, 2017

Patch Tuesday, December 2017 Edition "....patch batch addresses more than 30 vulnerabilities...."

https://krebsonsecurity.com/2017/12/patch-tuesday-december-2017-edition/

The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe’s got another security update available for its Flash Player software.

The December patch batch addresses more than 30 vulnerabilities in Windows and related software. As per usual, a huge chunk of the updates from Microsoft tackle security problems with the Web browsers built into Windows. (more)

November 14, 2017

Adobe, Microsoft Patch Critical Cracks "....more than four-dozen security holes...."

https://krebsonsecurity.com/2017/11/adobe-microsoft-patch-critical-cracks/

It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.

Four of the vulnerabilities Microsoft fixed today have public exploits, but they do not appear to be used in any active malware campaigns, according to Gill Langston at security vendor Qualys. Perhaps the two most serious flaws likely to impact Windows end users involve vulnerabilities in Microsoft browsers Internet Explorer and Edge. (more)


October 11, 2017

Microsoft’s October Patch Batch Fixes 62 Flaws "....fix at least 62 security vulnerabilities in Windows...."

https://krebsonsecurity.com/tag/october-2017-patch-tuesday/

Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.

Roughly half of the flaws Microsoft addressed this week are in the code that makes up various versions of Windows, and 28 of them were labeled “critical” — meaning malware or malicious attackers could use the weaknesses to break into Windows computers remotely with no help from users. (more)


September 13, 2017

Adobe, Microsoft Plug Critical Security Holes "....close to 80 separate security problems in various versions of its Windows operating system...."

https://krebsonsecurity.com/tag/patch-tuesday-september-2017/

Adobe and Microsoft both on Tuesday released patches to plug critical security vulnerabilities in their products. Microsoft’s patch bundles fix close to 80 separate security problems in various versions of its Windows operating system and related software — including two vulnerabilities that already are being exploited in active attacks. Adobe’s new version of its Flash Player software tackles two flaws that malware or attackers could use to seize remote control over vulnerable computers with no help from users.

Of the two zero-day flaws being fixed this week, the one in Microsoft’s ubiquitous .NET Framework (CVE-2017-8759) is perhaps the most concerning. Despite this flaw being actively exploited, it is somehow labeled by Microsoft as “important” rather than “critical” — the latter being the most dire designation. (more)


August 8, 2017

Critical Security Fixes from Adobe, Microsoft "....patches to plug 48 security holes in Windows...."

https://krebsonsecurity.com/tag/microsoft-patch-tuesday-august-2017/

Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on.

More than two dozen of the vulnerabilities fixed in today’s Windows patch bundle address “critical” flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user. (more)


July 11, 2017

Adobe, Microsoft Push Critical Security Fixes "....at least 54 security flaws...."

https://krebsonsecurity.com/tag/microsoft-patch-tuesday-july-2017/

It’s Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe’s got a new version of its Flash Player available that addresses at least three vulnerabilities.

The updates from Microsoft concern many of the usual program groups that seem to need monthly security fixes, including Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange. (more)


June 13, 2017

Microsoft, Adobe Ship Critical Fixes "....94 security holes....."

https://krebsonsecurity.com/2017/06/microsoft-adobe-ship-critical-fixes/

Microsoft today released security updates to fix almost a hundred flaws in its various Windows operating systems and related software. One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. Separately, Adobe has pushed critical updates for its Flash and Shockwave players, two programs most users would probably be better off without.

According to security firm Qualys, 27 of the 94 security holes Microsoft patches with today’s release can be exploited remotely by malware or miscreants to seize complete control over vulnerable systems with little or no interaction on the part of the user. (more)