Experts contend Microsoft canceled Feb. updates to patch NSA exploits

Credit to Author: Gregg Keizer| Date: Tue, 18 Apr 2017 13:06:00 -0700

Microsoft delayed its February security update slate to finish patching critical flaws in Windows that a hacker gang tried to sell, several security experts have argued.

“Looks like Microsoft had been informed by ‘someone,’ and purposely delayed [February’s] Patch Tuesday to successfully deliver MS17-010,” tweeted Matt Suiche, founder of Dubai-based security firm Comae Technologies.

MS17-010, one of several security bulletins Microsoft issued in March, was just one of several cited Friday by the Redmond, Wash. developer when it said it had already patched most of the vulnerabilities exploited by just-leaked hacking tools.

Those tools — 12 different Windows exploits — had been included in a large data dump made April 14 by a hacker group dubbed Shadow Brokers, which is believed to have ties to Russia. The exploits, as well as a trove of documents, had been stolen from the National Security Agency (NSA), Shadow Brokers claimed.

Microsoft confirms it's patched most of the NSA's Windows exploits

Credit to Author: Gregg Keizer| Date: Mon, 17 Apr 2017 12:05:00 -0700

Microsoft on Friday said it had patched most of the Windows vulnerabilities purportedly exploited by the National Security Agency (NSA) using tools that were leaked last week.

The Windows flaws were disclosed by the hacking gang Shadow Brokers in a large data dump earlier Friday. The group has released several collections of documents about the internal operations of the NSA, and the code it allegedly has used to compromise computers and other devices worldwide.

“Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” Phillip Misner, a group manager in the Microsoft Security Response Center (MSRC), wrote in a post to a company blog.

Microsoft begins denying updates to some Windows 7 users

Credit to Author: Gregg Keizer| Date: Fri, 14 Apr 2017 12:56:00 -0700

Microsoft this week began blocking Windows 7 and 8.1 PCs equipped with the very newest processors from receiving security updates, making good on a policy it announced but did not implement last year.

But the company also refused to provide security fixes to Windows 7 systems that were powered by AMD’s “Carrizo” CPUs, an architecture that was supposed to continue receiving patches.

The decree that led to the update bans, whether allowable or not under Microsoft’s new policy, was revealed in January 2016, when the company said making Windows 7 and Windows 8.1 run on the latest processors was “challenging.” Microsoft then ruled that Windows 10 would be the only supported edition on seventh-generation and later CPUs and simultaneously dictated a substantial shortening of support of both editions.

Microsoft kills off security bulletins after several stays

Credit to Author: Gregg Keizer| Date: Wed, 12 Apr 2017 13:21:00 -0700

Microsoft this week retired the security bulletins that for decades have described each month’s slate of vulnerabilities and accompanying patches for customers — especially administrators responsible for companies’ IT operations.

One patch expert reported on the change for his team. “It was like trying to relearn how to walk, run and ride a bike, all at the same time,” said Chris Goettl, product manager with patch management vendor Ivanti.

The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them.

UEFI flaws can be exploited to install highly persistent ransomware

Credit to Author: Lucian Constantin| Date: Mon, 03 Apr 2017 11:31:00 -0700

Over the past few years, the world has seen ransomware threats advance from living inside browsers to operating systems, to the bootloader, and now to the low-level firmware that powers a computer’s hardware components.

Earlier this year, a team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard’s Unified Extensible Firmware Interface (UEFI) — the modern BIOS.

On Friday, at the Black Hat Asia security conference, the team revealed how they did it: By exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology.

IDG Contributor Network: Largest ever Patch Tuesday from Microsoft

Credit to Author: Greg Lambert| Date: Wed, 15 Mar 2017 11:44:00 -0700

After last month’s rather brief Patch Tuesday from Microsoft, we see the largest ever release of updates for Windows and Microsoft Office — and of course another critical update for Adobe Flash Player.

For this March update, we see an unusually large number of critical updates — nine patches rated as critical and the remaining nine rated by Microsoft as important. In addition to this large cohort of patches, we also get a security advisory with KB3123479.

We have added both browser patches (MS17-006 and MS17-007) and the Adobe Flash Player update (MS17-023) to our “Patch Now” list. In addition, the core XML Services patch (MS17-022), though only rated as important by Microsoft, attempts to resolve a publicly disclosed zero-day flaw. MS17-022 was therefore also added to our “Patch Now” list.

Microsoft stays security bulletins' termination

Credit to Author: Gregg Keizer| Date: Tue, 14 Mar 2017 13:17:00 -0700

Microsoft today postponed the retirement of the security bulletins that for nearly two decades have described in detail the month’s slate of vulnerabilities and accompanying patches.

The bulletins’ last stand was originally scheduled for January, with a replacement process ready to step in Feb. 14. Rather than a set of bulletins, Microsoft was to provide a searchable database of support documents dubbed the “Security Updates Guide” or SUG.

But just hours before February’s security updates were to be released, Microsoft announced that it was postponing the entire collection to March 14, citing “a last-minute issue” that might impact some customers. The Redmond, Wash. company never spelled out exactly what led it to decide on the unprecedented delay.

CIA hacking tools targeting Windows

Credit to Author: Darlene Storm| Date: Wed, 08 Mar 2017 08:22:00 -0800

By releasing information about CIA hacking tools, WikiLeaks has given a new meaning to March Madness.

The CIA’s project Fine Dining is intriguing, since it outlines DLL hijacks for Sandisk Secure, Skype, Notepad++, Sophos, Kaspersky, McAfee, Chrome, Opera, Thunderbird, LibreOffice, and some games such as 2048, which the CIA writer “got a good lol out of.” Yet I was curious about what the CIA does to targeted machines running Windows since so many people use the OS.

Nearly everything dealing with the CIA hacking arsenal and Windows is labeled as “secret.” Nicholas Weaver, a computer scientist at the University of California at Berkeley, told NPR that the Vault 7 release is not all that big of a deal, and that it is not too surprising that the agency hacks. Yet if “Year Zero” was obtained by a non-government hacker compromising the CIA’s system, then that would be a big deal.
