Microsoft Patch Alert: Patching whack-a-mole continues

Credit to Author: Woody Leonhard| Date: Thu, 30 May 2019 04:16:00 -0700

In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new “Download and install now” feature.

The May 2019 Windows updates have taken so many twists and turns it’s hard to pin things down, but as of Thursday morning, here’s what we’ve seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you’ve chosen for your machine), you’ve been pushed one or two of them. If you’re a “seeker” (and clicked “Check for updates” or downloaded and installed the patches), you’ve had at least two, and maybe three. Got that?


Microsoft sets post-retirement patching record with Windows XP fix – 5 years after support ended

Credit to Author: Gregg Keizer| Date: Thu, 16 May 2019 10:03:00 -0700

Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.

Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.

“If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows,” Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. “Even so, we are making fixes available for these out-of-support versions of Windows.”


If you’re running Windows XP, 7 or associated Servers, patch them

Credit to Author: Woody Leonhard| Date: Wed, 15 May 2019 07:13:00 -0700

As of very early Wednesday morning, I don’t hear any loud screams of pain from the May Patch Tuesday bumper crop of patches. There’s still much we don’t know about the “WannaCry-like” security hole in pre-Win8 versions of Windows — more about that in a moment — but all indications at this point lead me to believe that it’s smarter to patch now and figure out how to fix any damage later.

The cause is a bug in Microsoft’s Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it’s connected to the internet. Not all machines are vulnerable. But the number of exposed machines — the size of the honey jar — makes it likely that somebody will come up with a worm shortly.


May, 2019 Patch Tuesday addresses critical remote desktop, DHCP bugs

Credit to Author: Andrew Brandt| Date: Tue, 14 May 2019 17:34:07 +0000

The vulnerabilities were so potentially harmful, Microsoft released updates for no-longer-supported Windows XP and Server 2003.


Now’s the time to install the April Windows and Office patches

Credit to Author: Woody Leonhard| Date: Fri, 03 May 2019 07:04:00 -0700

April was a tough month for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 customers who ran specific antivirus products. Blue screens, freezes, slow-as-sludge drippings all bedeviled a large number of Sophos, Avira, Avast, AVG and even McAfee users.

Looks like we’re over that hump, with the AV manufacturers scurrying to fix their wares.


Microsoft tells IT admins to nix 'obsolete' password reset practice

Credit to Author: Gregg Keizer| Date: Tue, 30 Apr 2019 03:00:00 -0700

Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.

The company called the practice – once a cornerstone of enterprise identity management – “ancient and obsolete” as it told IT administrators that other approaches are much more effective in keeping users safe.

“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value,” Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.


Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing

Credit to Author: Woody Leonhard| Date: Mon, 29 Apr 2019 09:32:00 -0700

You have to wonder who’s testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn’t show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month – the mythical “E week” that Microsoft never talks about – so the month may yet end with both a bang and whimper.
