-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Prove your patching prowess
Is Patch Tuesday the bane of your existence? Take our quiz and learn best practices for better patch management. Security Quiz
-
Patch management quiz answers
Security Quiz Answer
-
Curing the Patch Management Headache: Common Issues with Testing
In this excerpt from Chapter 8 of Curing the Patch Management Headache, author Felicia M. Nicastro explains the importance of properly testing patches and the common challenges some organizations face. Book Chapter
-
Pitching patch: RFP bakeoff
Information Security magazine asked vendors to propose a patch system for a fictional enterprise. Their responses reveal more than just their product spec sheets. Information Security maga
-
Pitching patch: BigFix
Information Security maga
-
Infosec Know IT All Trivia: Patch management
Get up to speed on patch management with our trivia. Quiz
-
Adobe makes pitch for defensive security research to cripple exploit writing
Adobe security and privacy director Brad Arkin urges the security industry to develop technologies that make exploit writing costly. News | 03 Feb 2012
-
Oracle repairs two database flaws, issues 78 patches to product line
The two database patches represented a record low for repairs to Oracle’s database management system since the CPU program began in 2005. News | 18 Jan 2012
-
Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution. News | 10 Jan 2012
-
Microsoft January 2012 Patch Tuesday issues Windows Media fix, resolves SSL protocol weakness
Microsoft’s January 2012 Patch Tuesday included one critical security bulletin, addressing dangerous Windows Media errors that could be exploited remotely to gain access to a victim’s computer. News | 10 Jan 2012
-
January 2012 Patch Tuesday: Microsoft to fix eight flaws in Windows, developer tools
The software giant will issue seven bulletins, including one critical, as part of its January 2012 Patch Tuesday security updates. News | 05 Jan 2012
-
Microsoft emergency update to address hash collision attacks
A critical update affects all versions of Microsoft .NET Framework and other programming languages. The vulnerability could allow denial-of-service attacks. News | 29 Dec 2011
-
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft’s 13 security bulletins included critical Windows and Windows Media Player updates. News | 13 Dec 2011
-
Microsoft prepares for 14 bulletins, no indication of Duqu repair
Microsoft is preparing to address 20 vulnerabilities for its December Patch Tuesday, including flaws in Internet Explorer, Windows Media Player and Microsoft Publisher. News | 08 Dec 2011
-
Adobe security update being issued for zero-day in Reader, Acrobat for Windows
Adobe has issued a warning about a critical zero-day vulnerability in Adobe Reader and Acrobat for Windows. An emergency security update is scheduled. News | 07 Dec 2011
-
One critical bulletin, no Duqu patch, in November 2011 Patch Tuesday updates
Microsoft’s November 2011 Patch Tuesday security update features four bulletins, one critical, but no patch for the kernel-level vulnerability exploited by the Duqu Trojan. News | 08 Nov 2011
-
Windows MBSA scan demo: Conducting a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review. Tip
-
Zero-day vulnerabilities and the patch management process: To test or not to test?
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing. Tip
-
How to test Windows operating system patches
Windows patch testing may be easy when it comes to applications like Outlook. Tom Chmielarski reviews how to test more difficult updates to the operating system. Tip
-
Use virtual patching to ease short-staffed patch management procedures
Virtual patching can serve as a quick way to deal with patch management procedures when short staffed. But how effective is virtual patching? Michael Cobb explains the pros and cons of virtual patching in this technical tip. Tip
-
Server Message Block Version 2 security in question: Disable or patch?
Nick Lewis reviews the recent vulnerability discovered in a popular Windows file-sharing and printing protocol. Yes, there's a patch, but should you deploy it, or simply disable SMBv2? Tip
-
Microsoft Baseline Security Analyzer: Do updates offer improved Windows security?
The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Windows Vista and Windows Server 2008 to its bag of tri... Tip
-
Database patch denial: How 'critical' are Oracle's CPUs?
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security defenses or find Oracle's patches to be more of a nuisan... Tip
-
Worst practices: Encryption conniptions
Through the years, SearchSecurity.com's expert contributors have no doubt spent much of their time pointing out a variety of security best practices. But what about the worst practices? In honor of April Fools' Day, network security expert Mike Chapp... Tip
-
ANI cursor flaw offers lessons in Vista security
Microsoft's recent animated cursor (ANI) vulnerability, as well as the software giant's response to it, caused some in the security industry to question the software giant's strategy. But there are two sides to every story. In this tip, Michael Cobb ... Tip
-
NetChk Protect 5.5
Information Security magazine's contributing editor, Wayne Rash, reviews Shavlik Technologies' NetChk Protect 5.5. Tip
-
How Microsoft security assessment tools can benefit your enterprise
Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment. Answer
-
Valuable third-party patch deployment software, tools
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise. Ask the Expert
-
Is a full vulnerability disclosure strategy a responsible approach?
When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the question in this response. Ask the Expert
-
Creating a third-party security policy to prevent a software exploit
Third-party software vulnerabilities are one of the most likely attack vectors in the information security landscape today. In this expert response, Nick Lewis discusses how to prevent these vulnerabilities from becoming exploits. Ask the Expert
-
What patch management metrics does Project Quant use?
In this Q&A, expert Michael Cobb reviews the open patch management metrics model called Project Quant. Ask the Expert
-
Should management processes change based on a patch release schedule?
Expert Michael Cobb explains why planned patch release schedules, though helpful, may alter the way you handle the deployment of your own updates. Ask the Expert
-
Should Windows Mobile updates come from Microsoft?
As mobile phones become more like mini PCs, they need similar add-on security tools and patch processes to keep them safe. Michael Cobb reviews how to manage Windows Mobile updates. Ask the Expert
-
When is it suitable to remove Java updates?
In this expert response, Michael Cobb explains when older Java updates should be removed from client systems. Ask the Expert
-
How to manage patches for Adobe
If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain. Ask the Expert
-
When should a virtual patch be used?
Learn how virtual patches can help administrators review, test and schedule official patch updates and find out about the benefits a virtual patch provides, such as protection against identified vulnerabilities. Ask the Expert
-
Patch Tuesday
Patch Tuesday, also known as Black Tuesday, is the second Tuesday of each month, when Microsoft releases the newest fixes for its Windows operating system and related software applications. Word
-
attack vector
Word
-
back door
Word
-
zero-day exploit
A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known... Word
-
ethical worm
Word
-
IT patch management best practices: Overcoming the challenges
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes. Video
-
Gartner’s Neil MacDonald on IE9 security, Apple security issues
In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers. Video
-
Adobe: Automatic updates and creating 'perfect' software
Brad Arkin discusses Adobe's addition of automatic update downloads for Reader and Acrobat, and why it took Adobe so long to offer automatic updates. Plus he tackles the feasibility of making "perfect" software. Video
-
Vulnerability mitigation study shows need for faster patching
Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle. Video
About Security patch management and Windows Patch Tuesday news
Patch management can be a full-time job by itself. Get advice on how to install a patch, patch deployment, tools, and policy. Also learn how to protect systems, such as Microsoft Windows, from flaws and vulnerabilities with the latest Patch Tuesday updates and fixes.