Microsoft patches the security update 2823324

Microsoft is making another attempt to close the privilege elevation hole in the NTFS filesystem鈥檚 kernel driver for Windows聽7 and Server 2008, including R2. The new patch, 2840149, supersedes security update 2823324, which Microsoft released on its April Patch Tuesday. However, shortly after releasing it, the software giant had to recall the first update because it caused problems with various third-party programs; it crippled computers and triggered error messages....

April 24, 2013 路 1 min 路 146 words 路 Omid Farhang

Microsoft to plug holes in Windows Defender in Patch Tuesday

Microsoft鈥檚 Patch Tuesday on 9 April will be an important spring cleaning day; the company plans to implement nine security bulletins. One of the bulletins deals with vulnerabilities in Windows Defender for Windows 8 and RT; the hole is rated as important and can be exploited to achieve elevated privileges. The headline bulletins will be the two critical security holes, one of which affects all versions of Windows and Windows Server, and another critical vulnerability which can be found in all versions of Internet Explorer....

April 5, 2013 路 1 min 路 190 words 路 Omid Farhang

Microsoft's Patch Tuesday will close a critical Windows vulnerability

The H-Security: Next week鈥檚 Patch Tuesday sees Microsoft planning to publish a total of six bulletins, including one that addresses a critical vulnerability in all versions of Windows from Windows XP service pack 3 to Windows 7 service pack 1 and Windows Server 2008 R2. The rating means that the hole enables attackers to infect a system via the internet and inject malicious code. Other bulletins will address a privilege elevation flaw which affects the same span of Windows versions....

March 10, 2012 路 1 min 路 171 words 路 Omid Farhang

Microsoft's Patch Tuesday fixes critical vulnerabilities

The H-Online: As expected, Microsoft has released nine bulletins to close a total of 21 holes in its products. Four of the bulletins close critical vulnerabilities in Windows, Internet Explorer, .NET and Silverlight, including an issue in the Windows kernel-mode drivers that became publicly known in December of last year. The company advises those responsible for prioritizing update deployment to focus on the critical patches for Internet Explorer and the C Runtime Library in Windows, as these could be exploited by an attacker to remotely execute arbitrary code on a victim鈥檚 system....

February 15, 2012 路 2 min 路 340 words 路 Omid Farhang

Patch Tuesday 鈥 Minor movements鈥

Hey Admins鈥. It鈥檚 that time again. The second Tuesday is upon us and May so far hasn鈥檛 been demanding as far as patching goes. So far 鈥. this month Microsoft has only issued two security announcements. MS10-030 and MS10-031. Microsoft has rated both as critical 鈥 and both could result in remote code being executed. MS10-030 resolves an integer overflow in POP3 & IMAP mail responses to Outlook Express and Windows Mail鈥....

May 11, 2010 路 1 min 路 198 words 路 Omid Farhang

Plenty of Updates on Patch Tuesday

Many patches are announced for tomorrow: The Redmond company expects to release 11 security bulletins. Of those 5 are rated critical, 5 important and 1 moderate. The patches belonging to the bulletins will close 25 security vulnerabilities in Windows, Exchange and in Office. Adobe plans to deliver security updates for critical vulnerabilities in Adobe Reader and Acrobat for all supported platforms tomorrow. Additionally, the automatic updater will be activated with the patches so in future updates get installed silent....

April 12, 2010 路 1 min 路 79 words 路 Omid Farhang

Adobe Patch Tuesday news: auto updater coming

Adobe has announced that it will release an updater along with Adobe Reader and Acrobat versions 9.3.2 and 8.2.2 on patch Tuesday next week. On the Adobe blog, Steve Gottwals wrote: 鈥溾e have been testing a new updater technology with select beta customers since our October 13, 2009 quarterly update. The purpose of the new updater is to keep end-users up-to-date in a much more streamlined and automated way. 鈥淒uring our quarterly update on January 12, 2010, and then again for an out-of-cycle update on February 16, 2010, we exercised the new updater with our beta testers....

April 9, 2010 路 1 min 路 197 words 路 Omid Farhang

Patch Tuesday next week

Microsoft has put the PC-using world on notice that next Tuesday there will be 11 bulletins released addressing 25 vulnerabilities in Windows, Exchange and Office. Jerry Bryant, Group Manager of Microsoft鈥檚 Response Communications, said: 鈥淚 also want to point out to customers that we will be closing the following open Security Advisories with next week鈥檚 updates: 鈥 Microsoft Security Advisory 981169 鈥 Vulnerability in VBScript could allow remote code execution....

April 8, 2010 路 1 min 路 87 words 路 Omid Farhang

It's not dead yet: Microsoft's out-of-band IE6 fix impacts IE8

Last month, Microsoft sent flowers to a mock funeral for Internet Explorer 6, in a show of support for the ideal that the old browser should be declared defunct worldwide. But for a few years yet, the company is still bound to support the product for those users (generally businesses) who refuse to upgrade it. That鈥檚 why new exploits that continue to target old browsers, such as IE6 and IE7, continue to get attention even a full year after the proper security fix 鈥 IE8 鈥 has been deployed....

March 30, 2010 路 2 min 路 292 words 路 Omid Farhang

Internet Explorer 0-day targeted in spam runs

Hot on the heels of the Patch Tuesday announcements yesterday, came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link....

March 12, 2010 路 1 min 路 190 words 路 Omid Farhang