Attack inception: Compromised supply chain within a supply chain poses new risks

Credit to Author: Windows Defender ATP| Date: Thu, 26 Jul 2018 13:00:13 +0000

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners, making the app's legitimate installer the unsuspecting carrier of a

July Windows .Net patches appear, disappear, reappear, disappear again

Credit to Author: Woody Leonhard| Date: Mon, 23 Jul 2018 05:15:00 -0700

Microsoft’s July 2018 series of patching missteps, with .Net security patches in particular, have left many admins in the lurch. Less than two weeks after they were first unleashed, poorly documented versions of the patches now appear to be available, but are not being actively pushed. There’s no indication from Microsoft if and/or when they’ll be fixed.

These patches, originally released on Patch Tuesday, July 10, are baring their FAANGs:

  • KB 4340556 — Security and Quality Rollup updates for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1
  • KB 4340557 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
  • KB 4340558 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2
  • KB 4340559 — Security and Quality Rollup updates for .Net Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008

The patches had been out for less than a day when we started seeing error reports on AskWoody. As I noted on July 12:

March-April 2018 test results: More insights into industry AV tests

Credit to Author: Windows Defender ATP| Date: Fri, 20 Jul 2018 19:30:38 +0000

In a previous post, in the spirit of our commitment to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions, we shared insights and context into the results of AV-TEST's January-February 2018 test cycle. We released a transparency report to help our customers and the broader security community to stay informed

Microsoft dives down a bizarre non-cumulative rabbit hole with July patches

Credit to Author: Woody Leonhard| Date: Fri, 20 Jul 2018 09:02:00 -0700

Stung by a festering pile of bugs on Patch Tuesday, MS releases 27 more patches

Credit to Author: Woody Leonhard| Date: Tue, 17 Jul 2018 09:21:00 -0700

In what is becoming a common occurrence, Microsoft’s Patch Tuesday brought along so many bugs that they necessitated a remediation round. This month, unusually, it took only six days to get the exterminators out.

Since these fixes are aimed at four specific bugs introduced on Patch Tuesday, they don’t include the massive patches normally appearing on the second Patch Whateverday of the month. My guess is we’ll see at least one more big set of Windows patches before the month is out. Oh, boy.

Windows July patches, version 2

Yesterday, Monday, July 16, Microsoft released 27 new security patches for Windows, bringing the total number of patches so far this month up to 156. The new patches fall into six separate groups:

Microsoft yanks buggy Office 2016 patch KB 4018385, republishes all of this month’s patch downloads

Credit to Author: Woody Leonhard| Date: Fri, 13 Jul 2018 06:43:00 -0700

As I reported yesterday, the July 2018 Windows and Office patches teem with bugs. We’re just beginning to see the fallout.

The July 3 non-security Office 2016 patch KB 4018385 is officially yanked. If you don’t recall KB 4018385 — a small patch in a sea of Office fixes — the original KB article describes it thusly:

Patch Tuesday problems abound, Server 2016 crashes, and a .Net patch goes down in flames

Credit to Author: Woody Leonhard| Date: Thu, 12 Jul 2018 06:18:00 -0700

You know it’s going to be an Alice in Wonderland month when some sites report that Microsoft plugged 54 vulnerabilities on Patch Tuesday, while others report 53. Fact is, patching has become so brutal — and so banal — that there’s no consensus on counting, much less on what’s good and bad.

Suffice to say that, once again this month, there was a huge number of security patches (129 individual patches, according to the Microsoft Update Catalog), with no pressing security fixes unless you’re using the Edge browser or Internet Explorer. Microsoft changed Win10 version 1803 to “Semi-Annual Channel,” but the term now means less than it ever has before. If that’s possible.

Machine learning vs. social engineering

Credit to Author: Windows Defender ATP| Date: Thu, 07 Jun 2018 13:00:56 +0000

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,
