Microsoft Patch Tuesday and patch management
- November 08, 2016
The November 2016 Patch Tuesday includes a patch for a Windows zero-day reportedly being exploited by Russian hackers, as well as bulletins experts think may be underrated by Microsoft.
- November 03, 2016
A Windows zero-day disclosed by Google caught Microsoft between patch cycles, and experts questioned whether Microsoft downplayed the severity of the vulnerability.
- November 02, 2016
Google disclosed an unpatched Windows zero-day vulnerability, which Microsoft claims is actively being exploited by a Russian APT group connected to the DNC hack.
- October 27, 2016
Surprise! It's time, again, for another critical Adobe Flash patch to fix a remote code execution vulnerability reported by the Google Threat Analysis Group.
- October 14, 2016
News roundup: As Adobe patches 83 vulnerabilities in Flash Player, Acrobat and Reader, the good news is none have been exploited in the wild -- yet. Plus, IoT threats and more.
- October 11, 2016
Microsoft's October 2016 Patch Tuesday changes the structure of the release to the monthly rollup and starts out by taking on five zero-day flaws.
- September 21, 2016
Symantec patched another set of serious file parsing flaws in its antivirus products, which were discovered by Google Project Zero researcher Tavis Ormandy.
- September 15, 2016
Oracle's lack of response to security researchers raises more questions after a zero-day MySQL vulnerability was reported, though patches may have already been released.
- September 14, 2016
Microsoft's Patch Tuesday will change drastically in October, and experts disagree whether the new monthly Windows rollup will make patching simpler or more of a hassle.
- September 13, 2016
Microsoft's September 2016 Patch Tuesday is what many would consider a standard bulletin release with a major focus on fixes related to web browser security.
- August 31, 2016
The antivirus industry has been under fire lately, and Microsoft's Windows 10 Anniversary update has added new troubles for antivirus software vendors.
- August 09, 2016
Microsoft's August 2016 Patch Tuesday focuses on critical browser vulnerabilities in Edge and Internet Explorer, as well as flaws with Microsoft Office and PDF Library.
- July 22, 2016
Oracle patches its biggest batch yet of security fixes in this quarter's CPU cycle.
- July 12, 2016
Adobe Reader bugs take center stage for the July 2016 Patch Tuesday, as Microsoft has a smaller bulletin list of fixes for its products.
- July 08, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.
- June 29, 2016
A raft of new Symantec and Norton antivirus vulnerabilities exposed by Google Project Zero are 'as bad as it gets,' according to Tavis Ormandy: RCE, no user interaction and wormable.
- June 15, 2016
SAP vulnerability patched, finally: The Java flaw was originally patched in 2010 but became the subject of an unprecedented US-CERT alert in May.
- June 14, 2016
Microsoft's June 2016 Patch Tuesday release is not the most important of the day, according to experts; instead, another Adobe Flash zero-day vulnerability gets the spotlight.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- May 17, 2016
Google Project Zero disclosed a Symantec vulnerability that can be exploited with zero interaction and was described as being as bad as it can possibly get.
- May 13, 2016
DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.
- May 10, 2016
Microsoft's May 2016 Patch Tuesday takes aim at an IE zero-day vulnerability, which experts say is the top priority, as well as a couple server-side flaws to keep an eye on.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- April 21, 2016
Oracle patches 136 security flaws in various products and a number of vulnerabilities were rated more critical because of a switch to CVSS 3.0.
- April 14, 2016
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 12, 2016
Microsoft's April 2016 Patch Tuesday includes a patch for Badlock, a vulnerability which experts call "overhyped," but the most important patches may need extra care to apply.
- March 31, 2016
The serious Badlock vulnerability in Windows and Samba, announced three weeks prior to patches, triggers a debate over responsible disclosure of software flaws.
- March 16, 2016
A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.
- March 09, 2016
Patching systems can be time-consuming and troublesome, so one expert suggests crowdsourced vulnerability patching to make the process faster and easier.
- March 08, 2016
Microsoft's March 2016 Patch Tuesday release has put Windows 10 security on display for good and bad, experts say.
- February 26, 2016
Roundup: Microsoft EMET is vulnerable to exploit; it's time to update to v5.5. Plus: Dell, IBM and Gemalto research reports claim cybercriminals are getting smarter, bigger and faster.
- February 09, 2016
Microsoft's February 2016 Patch Tuesday release goes after Adobe Flash vulnerabilities and more Windows Journal flaws.
- January 29, 2016
A new OpenSSL patch fixes a severe encryption flaw and strengthens the protocol against the Logjam vulnerability.
- January 26, 2016
Fortinet denies that a vulnerability found in many of its products is a true backdoor, but finds that the flaw is more widespread than once thought.
- January 14, 2016
A Microsoft Silverlight patch becomes more important as researchers claim it may be a Hacking Team zero day that has been known for years.
- January 12, 2016
Microsoft's January 2016 Patch Tuesday started the year with the IE end of life for older versions of the browser and an important address-spoofing patch.
- December 30, 2015
Just weeks after its biggest security update of the year, Adobe issued emergency patches for a new round of Flash bugs, including one already being exploited by attackers.
- December 08, 2015
Microsoft's December 2015 Patch Tuesday brought a number of fixes to Windows, including a patch for a DNS query bug and zero-day flaws in the Windows kernel and Microsoft Office.
- November 13, 2015
News roundup: WebSphere, JBoss, Jenkins and more hit by Java vulnerability in an open source library. Plus, SAP HANA deals with critical vulnerabilities, and more.
- November 11, 2015
Microsoft's November 2015 Patch Tuesday delivers 12 total bulletins, four of which are critical, and one issue with font handling that angers one expert.
- November 10, 2015
The NSA published its vulnerability disclosure policy, which aims to balance intelligence benefits with security, but experts said the policy raises more questions than it answers.
- October 22, 2015
Oracle patches 154 flaws in its quarterly update. Experts said patches need to be released faster, but Oracle stands by its release schedule.
- October 19, 2015
Adobe has released an emergency patch for Flash zero-day vulnerabilities that have been exploited in the wild in attacks on foreign affairs ministries.
- October 13, 2015
Microsoft's October 2015 Patch Tuesday has the fewest number of bulletins of any release this year, and is also the first of the year to not feature any patches related to zero-day exploits.
- October 01, 2015
A new study has found that although flaws are most likely to be exploited within 60 days of discovery, companies can take between 100 and 120 days for vulnerability remediation.
- September 08, 2015
Microsoft's September 2015 Patch Tuesday is available now and includes five critical bulletins, two of which tackle remote code execution flaws affecting Microsoft Office.
- August 11, 2015
Microsoft's August 2015 Patch Tuesday may not be as packed with danger as a typical release, according to one expert, but does include critical bulletins for Microsoft Office and even one for the new Edge browser.
- August 07, 2015
News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.
- July 21, 2015
A Windows zero-day affecting a wide swath of Microsoft products has been found in the Hacking Team data leak, so Microsoft has released an out-of-band patch to fix the vulnerability.
- July 15, 2015
Researchers discovered two more vulnerabilities in Adobe Flash player stemming from the breach of Italian surveillance software vendor Hacking Team.
- July 14, 2015
July 2015's Patch Tuesday shows both Microsoft and Adobe working fast to patch four Hacking Team zero-day vulnerabilities exposed in the past week.
- July 14, 2015
The Windows Server 2003 end of life is upon us and many organizations still haven't made the upgrades or security remediations necessary to mitigate the coming risks.
- July 10, 2015
News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.
- July 08, 2015
Adobe patches a Flash zero-day vulnerability found as part of the massive data breach of Hacking Team. Experts recommend speedy remediation as the flaw has been added to multiple exploit kits.
- July 07, 2015
The OpenSSL project team will release a critical patch on Thursday and experts warn admins that the upgrade process could take days or weeks to complete.
- June 26, 2015
News roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!
- June 23, 2015
Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.
- June 09, 2015
Microsoft's June 2015 Patch Tuesday features eight bulletins, including a critical update for Internet Explorer and Windows Media Player. Plus: Adobe releases fix for 13 Flash vulnerabilities.
- May 12, 2015
Microsoft's May 2015 Patch Tuesday has made 2015 the biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts.
- May 06, 2015
Microsoft Ignite 2015 showed that Microsoft may have rethought the Tuesday part of Patch Tuesday, but Windows Update is stronger than ever.
- April 29, 2015
Secunia's quarterly Personal Software Inspector (PSI) report shows that while OS and application patching has remained steady, users may be ignoring end-of-life software and the risks associated with it.
- April 17, 2015
A critical vulnerability in Windows HTTP.sys was detailed as part of Microsoft's April Patch Tuesday, and the flaw is already being actively exploited in the wild.
- April 16, 2015
The latest Oracle Critical Patch Update includes fixes for close to 100 vulnerabilities, but one expert says there is a critical update for Java on the desktop that needs immediate attention.
- April 14, 2015
Microsoft's April 2015 Patch Tuesday release is lighter than usual with 11 total bulletins, but experts say that system admins should immediately install a critical HTTP.sys patch for Windows Server.
- April 14, 2015
The new 'Redirect to SMB' vulnerability is an update to an 18-year-old flaw that can lead to man-in-the-middle attacks on all versions of Windows.
- March 25, 2015
Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.
- March 16, 2015
Update: Microsoft has re-released Enhanced Mitigation Experience Toolkit version 5.2 to correct a bug involving IE 11.
- March 10, 2015
Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes, but surprisingly, an expert says one of the fixes deemed non-critical actually demands immediate attention.
- March 05, 2015
The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.
- February 25, 2015
Google's Project Zero has added more leeway to its vulnerability disclosure policy, but industry observers are split on whether 90 days is enough time to fix software flaws, or not enough time to manage a sensitive, resource-intensive process.
- February 10, 2015
Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw.
- February 06, 2015
News roundup: With the proposed 2016 federal budget and push for a national data breach law, Washington may finally care about cybersecurity. Plus: Coviello to retire; Flash patched again; Sony Pictures breached by Russians and loses its co-chair.
- February 02, 2015
Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.
- January 30, 2015
News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.
- January 23, 2015
News roundup: An onslaught of Adobe, Oracle, OpenSSL, Chrome and Firefox patches highlights the sad state of software security in 2015. Plus, security budgets increasing; HealthCare.gov security woes; false-positive alerts cost millions annually.
- January 19, 2015
For the third time in one month, Microsoft couldn't meet Google's 90-day public disclosure deadline, leading to Project Zero's disclosure, though experts say this Windows zero-day vulnerability may have little value to attackers.
- January 13, 2015
Microsoft's January 2015 Patch Tuesday updates include a critical Windows update for Telnet, and a fix for a controversial Windows 8.1 flaw disclosed two weeks ago. Plus: An expert says Adobe's critical Flash Player fix demands immediate attention.
- November 17, 2014
Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections.
- March 19, 2008
Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.
- March 05, 2008
Security experts say IT pros should be more concerned about the risks created by misconfigured networks than all the flaws and exploit code they read about.