Sunday, November 24, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

windows

ComputerWorld Independent 

Time to install the August Windows patches — but watch out for the bugs

admin , ,

Credit to Author: Woody Leonhard| Date: Fri, 06 Sep 2019 08:16:00 -0700

August brought loads of drama to the Windows and Office patching scene. Microsoft’s first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection. 

Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced “wormable” malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft Patch Alert: Full of sound and fury, signifying nothing

admin , , , ,

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

To read this article in full, please click here

Read more
Security Sophos 

August, 2019 Patch Tuesday Targets Remote Desktop and Active Directory

admin , , , , , , , ,

Credit to Author: SophosLabs Offensive Security| Date: Fri, 30 Aug 2019 16:28:14 +0000

Among the 94 vulnerabilities fixed this month by Microsoft, 29 are rated as Critical. Most importantly, the Remote Desktop Protocol (RDP) and its associated service (RDS) collect a total of 6 CVEs, which seems to show a renewed interest in the RDP protocol by vulnerability researchers; two of those classified as wormable (CVE-2019-1181 and CVE-2019-1182) [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/1hDq4cmGQ80″ height=”1″ width=”1″ alt=””/>

Read more
ComputerWorld Independent 

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV

admin , ,

Credit to Author: Woody Leonhard| Date: Wed, 28 Aug 2019 06:07:00 -0700

If you’re using Symantec Endpoint Protection or any Norton Antivirus product on a Windows 7 or Server 2008 R2 machine, you didn’t get the August patches. Shortly after the August Monthly Rollup and Security-only patches were released, Microsoft put a freeze on systems running Symantec or Norton antivirus products.

The conflict stemmed from a long-anticipated change in the way Microsoft signed the August patches: Starting in August, all patches are signed using the SHA-2 encryption method. Somehow, Symantec didn’t get the message back in November that the shift was underway, and missed the deadline.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers

admin , , ,

Credit to Author: Gregg Keizer| Date: Mon, 26 Aug 2019 03:00:00 -0700

Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.

“Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit,” Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.

Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.

To read this article in full, please click here

Read more
Security Sophos 

Blocking attacks against Windows “CTF” vulnerabilities

admin , , ,

Credit to Author: Mark Loman| Date: Thu, 22 Aug 2019 16:53:35 +0000

Operating systems and run-time environments typically provide some form of isolation between applications. For example, Windows runs each application in a separate process. This isolation stops code running in one application from adversely affecting other, unrelated applications. This means a non-administrative user mode process can&#8217;t access or tamper with kernel code and data, and an [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/N06wKBdEugM” height=”1″ width=”1″ alt=””/>

Read more
MalwareBytes Security 

Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

admin , , , , , , , , , , , , , , ,

Credit to Author: Jovi Umawing| Date: Wed, 21 Aug 2019 15:56:45 +0000

Researchers called it KNOB, a clever attack against the firmware of a Bluetooth chip that can allow hackers to successfully hijack paired devices and steal their sensitive data. Are users at risk?

Categories:

Tags:

(Read more…)

The post Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks appeared first on Malwarebytes Labs.

Read more