RSS Reader for Computer Security Articles
Credit to Author: Sophos Italia| Date: Mon, 20 May 2019 05:30:57 +0000
Microsoft ha rilasciato una patch per una vulnerabilità nei suoi Remote Desktop Services che può essere sfruttata in remoto, tramite RDP<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/kd1iObK7GwI” height=”1″ width=”1″ alt=””/>
Read More
Credit to Author: Woody Leonhard| Date: Thu, 30 May 2019 04:16:00 -0700
In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new “Download and install now” feature.
The May 2019 Windows updates have taken so many twists and turns it’s hard to pin things down, but as of Thursday morning, here’s what we’ve seen.
As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you’ve chosen for your machine), you’ve been pushed one or two of them. If you’re a “seeker” (and clicked “Check for updates” or downloaded and installed the patches), you’ve had at least two, and maybe three. Got that?
Credit to Author: Gregg Keizer| Date: Thu, 16 May 2019 10:03:00 -0700
Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.
Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.
“If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows,” Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. “Even so, we are making fixes available for these out-of-support versions of Windows.”
Setting up a backup process in Azure is one way to quickly recover from a ransomware attack.
Credit to Author: Woody Leonhard| Date: Wed, 15 May 2019 07:13:00 -0700
As of very early Wednesday morning, I don’t hear any loud screams of pain from the May Patch Tuesday bumper crop of patches. There’s still much we don’t know about the “WannaCry-like” security hole in pre-Win8 versions of Windows — more about that in a moment — but all indications at this point lead me to believe that it’s smarter to patch now and figure out how to fix any damage later.
The cause is a bug in Microsoft’s Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it’s connected to the internet. Not all machines are vulnerable. But the number of exposed machines — the size of the honey jar — makes it likely that somebody will come up with a worm shortly.
Credit to Author: Andrew Brandt| Date: Tue, 14 May 2019 17:34:07 +0000
The vulnerabilities were so potentially harmful, Microsoft released updates for no-longer-supported Windows XP and Server 2003<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/wDsmYlJCQ2o” height=”1″ width=”1″ alt=””/>
Read More
Credit to Author: Woody Leonhard| Date: Fri, 03 May 2019 07:04:00 -0700
April was a tough month for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 customers who ran specific antivirus products. Blue screens, freezes, slow-as-sludge drippings all bedeviled a large number of Sophos, Avira, Avast, AVG and even McAfee users.
Looks like we’re over that hump, with the AV manufacturers scurrying to fix their wares.
Credit to Author: Gregg Keizer| Date: Tue, 30 Apr 2019 03:00:00 -0700
Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.
The company called the practice – once a cornerstone of enterprise identity management – “ancient and obsolete” as it told IT administrators that other approaches are much more effective in keeping users safe.
“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value,” Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.