Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Prove your patching prowess
Is Patch Tuesday the bane of your existence? Take our quiz and learn best practices for better patch management. Security Quiz
-
Patch management quiz answers
Security Quiz Answer
-
Curing the Patch Management Headache: Common Issues with Testing
In this excerpt from Chapter 8 of Curing the Patch Management Headache, author Felicia M. Nicastro explains the importance of properly testing patches and the common challenges some organizations face. Book Chapter
-
Pitching patch: RFP bakeoff
Information Security magazine asked vendors to propose a patch system for a fictional enterprise. Their responses reveal more than just their product spec sheets. Information Security maga
-
Pitching patch: BigFix
Information Security maga
-
Infosec Know IT All Trivia: Patch management
Get up to speed on patch management with our trivia. Quiz
-
May 2012 Patch Tuesday: Microsoft fixes Duqu Trojan ghost code
Experts suggest patience when dealing with this month’s round of Microsoft updates. News | 08 May 2012
-
Microsoft program breach led to early RDP vulnerability exploit
Microsoft said a member of its confidential Active Protections Program leaked information that prompted an exploit targeting a flaw patched in March. News | 03 May 2012
-
Microsoft to fix 23 vulnerabilities in May 2012 Patch Tuesday
Microsoft said it plans to address flaws in Windows, Office, Silverlight and the .NET Framework. News | 03 May 2012
-
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report. News | 25 Apr 2012
-
Microsoft April 2012 Patch Tuesday repairs critical IE flaws, ActiveX control issue
Microsoft repaired 11 vulnerabilities in April, including a critical update to its Internet Explorer browser and an ActiveX fix that affects a variety of software and server systems. News | 10 Apr 2012
-
April 2012 Patch Tuesday: Microsoft to issue six bulletins, four critical
Microsoft’s six bulletins include critical server repairs, Internet Explorer updates and a critical update of its .NET Framework. News | 05 Apr 2012
-
Adobe Flash Player patch fixes critical holes, releases silent automatic updater
Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2. News | 29 Mar 2012
-
Dangerous Microsoft RDP vulnerabilities repaired in Patch Tuesday
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins. News | 13 Mar 2012
-
Six bulletins, one critical, expected for March 2012 Patch Tuesday
Microsoft’s March bundle of updates repairs seven vulnerabilities, including a critical Windows flaw. News | 08 Mar 2012
-
Adobe Flash Player update repairs two vulnerabilities, introduces “Priority” ratings
Adobe Flash Player update addresses two vulnerabilities that can be targeted by attackers to execute malicious code and obtain sensitive information. News | 06 Mar 2012
-
Windows MBSA scan demo: Conducting a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review. Tip
-
Zero-day vulnerabilities and the patch management process: To test or not to test?
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing. Tip
-
How to test Windows operating system patches
Windows patch testing may be easy when it comes to applications like Outlook. Tom Chmielarski reviews how to test more difficult updates to the operating system. Tip
-
Use virtual patching to ease short-staffed patch management procedures
Virtual patching can serve as a quick way to deal with patch management procedures when short staffed. But how effective is virtual patching? Michael Cobb explains the pros and cons of virtual patching in this technical tip. Tip
-
Server Message Block Version 2 security in question: Disable or patch?
Nick Lewis reviews the recent vulnerability discovered in a popular Windows file-sharing and printing protocol. Yes, there's a patch, but should you deploy it, or simply disable SMBv2? Tip
-
Microsoft Baseline Security Analyzer: Do updates offer improved Windows security?
The Microsoft Baseline Security Analyzer has always been useful at scanning Windows environments for the presence or absence of security updates. Now, see how the latest version adds support for Windows Vista and Windows Server 2008 to its bag of tri... Tip
-
Database patch denial: How 'critical' are Oracle's CPUs?
A recent survey found that a considerable number of users are outright rejecting Oracle's Critical Patch Updates, perhaps suggesting database administrators feel comfortable with their security defenses or find Oracle's patches to be more of a nuisan... Tip
-
Worst practices: Encryption conniptions
Through the years, SearchSecurity.com's expert contributors have no doubt spent much of their time pointing out a variety of security best practices. But what about the worst practices? In honor of April Fools' Day, network security expert Mike Chapp... Tip
-
ANI cursor flaw offers lessons in Vista security
Microsoft's recent animated cursor (ANI) vulnerability, as well as the software giant's response to it, caused some in the security industry to question the software giant's strategy. But there are two sides to every story. In this tip, Michael Cobb ... Tip
-
NetChk Protect 5.5
Information Security magazine's contributing editor, Wayne Rash, reviews Shavlik Technologies' NetChk Protect 5.5. Tip
-
How Microsoft security assessment tools can benefit your enterprise
Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment. Answer
-
Valuable third-party patch deployment software, tools
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise. Ask the Expert
-
Is a full vulnerability disclosure strategy a responsible approach?
When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the question in this response. Ask the Expert
-
Creating a third-party security policy to prevent a software exploit
Third-party software vulnerabilities are one of the most likely attack vectors in the information security landscape today. In this expert response, Nick Lewis discusses how to prevent these vulnerabilities from becoming exploits. Ask the Expert
-
What patch management metrics does Project Quant use?
In this Q&A, expert Michael Cobb reviews the open patch management metrics model called Project Quant. Ask the Expert
-
Should management processes change based on a patch release schedule?
Expert Michael Cobb explains why planned patch release schedules, though helpful, may alter the way you handle the deployment of your own updates. Ask the Expert
-
Should Windows Mobile updates come from Microsoft?
As mobile phones become more like mini PCs, they need similar add-on security tools and patch processes to keep them safe. Michael Cobb reviews how to manage Windows Mobile updates. Ask the Expert
-
When is it suitable to remove Java updates?
In this expert response, Michael Cobb explains when older Java updates should be removed from client systems. Ask the Expert
-
How to manage patches for Adobe
If you're dealing with a continuous flow of patches, particularly from Adobe, application security expert Michael Cobb feels your pain. Ask the Expert
-
When should a virtual patch be used?
Learn how virtual patches can help administrators review, test and schedule official patch updates and find out about the benefits a virtual patch provides, such as protection against identified vulnerabilities. Ask the Expert
-
attack vector
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Definition
-
zero-day exploit
A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known...(Continued) Definition
-
Patch Tuesday
Patch Tuesday, also known as Black Tuesday, is the second Tuesday of each month, when Microsoft releases the newest fixes for its Windows operating system and related software applications. Definition
-
back door
A back door is a means of access to a computer program that bypasses security mechanisms. Definition
-
ethical worm
An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities. Definition
-
IT patch management best practices: Overcoming the challenges
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes. Video
-
Gartner’s Neil MacDonald on IE9 security, Apple security issues
In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers. Video
-
Adobe: Automatic updates and creating 'perfect' software
Brad Arkin discusses Adobe's addition of automatic update downloads for Reader and Acrobat, and why it took Adobe so long to offer automatic updates. Plus he tackles the feasibility of making "perfect" software. Video
-
Vulnerability mitigation study shows need for faster patching
Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle. Video
-
About Security patch management and Windows Patch Tuesday news
Patch management can be a full-time job by itself. Get advice on how to install a patch, patch deployment, tools, and policy. Also learn how to protect systems, such as Microsoft Windows, from flaws and vulnerabilities with the latest Patch Tuesday updates and fixes.