Microsoft Patch Tuesday and patch management
- July 12, 2016
Adobe Reader bugs take center stage for the July 2016 Patch Tuesday, as Microsoft has a smaller bulletin list of fixes for its products.
- July 08, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.
- June 29, 2016
A raft of new Symantec and Norton antivirus vulnerabilities exposed by Google Project Zero are 'as bad as it gets,' according to Tavis Ormandy: RCE, no user interaction and wormable.
- June 15, 2016
SAP vulnerability patched, finally: The Java flaw was originally patched in 2010 but became the subject of an unprecedented US-CERT alert in May.
- June 14, 2016
Microsoft's June 2016 Patch Tuesday release is not the most important of the day, according to experts; instead, another Adobe Flash zero-day vulnerability gets the spotlight.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- May 17, 2016
Google Project Zero disclosed a Symantec vulnerability that can be exploited with zero interaction and was described as being as bad as it can possibly get.
- May 13, 2016
DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.
- May 10, 2016
Microsoft's May 2016 Patch Tuesday takes aim at an IE zero-day vulnerability, which experts say is the top priority, as well as a couple of server-side flaws to keep an eye on.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- April 21, 2016
Oracle patches 136 security flaws in various products and a number of vulnerabilities were rated more critical because of a switch to CVSS 3.0.
- April 14, 2016
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 12, 2016
Microsoft's April 2016 Patch Tuesday includes a patch for Badlock, a vulnerability which experts call "overhyped," but the most important patches may need extra care to apply.
- March 31, 2016
The serious Badlock vulnerability in Windows and Samba, announced three weeks prior to patches, triggers a debate over responsible disclosure of software flaws.
- March 16, 2016
A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.
- March 09, 2016
Patching systems can be time-consuming and troublesome, so one expert suggests crowdsourced vulnerability patching to make the process faster and easier.
- March 08, 2016
Microsoft's March 2016 Patch Tuesday release has put Windows 10 security on display for good and bad, experts say.
- February 26, 2016
Roundup: Microsoft EMET is vulnerable to exploit; it's time to update to v5.5. Plus: Dell, IBM and Gemalto research reports claim cybercriminals are getting smarter, bigger and faster.
- February 09, 2016
Microsoft's February 2016 Patch Tuesday release goes after Adobe Flash vulnerabilities and more Windows Journal flaws.
- January 29, 2016
A new OpenSSL patch fixes a severe encryption flaw and strengthens the protocol against the Logjam vulnerability.
- January 26, 2016
Fortinet denies that a vulnerability found in many of its products is a true backdoor, but finds that the flaw is more widespread than once thought.
- January 14, 2016
A Microsoft Silverlight patch becomes more important as researchers claim it may be a Hacking Team zero day that has been known for years.
- January 12, 2016
Microsoft's January 2016 Patch Tuesday started the year with the IE end of life for older versions of the browser and an important address-spoofing patch.
- December 30, 2015
Just weeks after its biggest security update of the year, Adobe issued emergency patches for a new round of Flash bugs, including one already being exploited by attackers.
- December 08, 2015
Microsoft's December 2015 Patch Tuesday brought a number of fixes to Windows, including a patch for a DNS query bug and zero-day flaws in the Windows kernel and Microsoft Office.
- November 13, 2015
News roundup: WebSphere, JBoss, Jenkins and more hit by Java vulnerability in an open source library. Plus, SAP HANA deals with critical vulnerabilities, and more.
- November 11, 2015
Microsoft's November 2015 Patch Tuesday delivers 12 total bulletins, four of which are critical, and one issue with font handling that angers one expert.
- November 10, 2015
The NSA published its vulnerability disclosure policy, which aims to balance intelligence benefits with security, but experts said the policy raises more questions than it answers.
- October 22, 2015
Oracle patches 154 flaws in its quarterly update. Experts said patches need to be released faster, but Oracle stands by its release schedule.
- October 19, 2015
Adobe has released an emergency patch for Flash zero-day vulnerabilities that have been exploited in the wild in attacks on foreign affairs ministries.
- October 13, 2015
Microsoft's October 2015 Patch Tuesday has the fewest number of bulletins of any release this year, and is also the first of the year to not feature any patches related to zero-day exploits.
- October 01, 2015
A new study has found that although flaws are most likely to be exploited within 60 days of discovery, companies can take between 100 and 120 days for vulnerability remediation.
- September 08, 2015
Microsoft's September 2015 Patch Tuesday is available now and includes five critical bulletins, two of which tackle remote code execution flaws affecting Microsoft Office.
- August 19, 2015
One week after Patch Tuesday, an out-of-band Microsoft security patch is available for a critical flaw in Internet Explorer that affects all supported versions of Windows and Windows Server.
- August 11, 2015
Microsoft's August 2015 Patch Tuesday may not be as packed with danger as a typical release, according to one expert, but does include critical bulletins for Microsoft Office and even one for the new Edge browser.
- August 07, 2015
News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.
- July 24, 2015
HP's Zero Day Initiative has disclosed four critical vulnerabilities found in Internet Explorer that could lead to remote code execution, but mistakenly labeled them as affecting Windows desktop rather than Windows Phone.
- July 21, 2015
A Windows zero-day affecting a wide swath of Microsoft products has been found in the Hacking Team data leak, so Microsoft has released an out-of-band patch to fix the vulnerability.
- July 15, 2015
Researchers discovered two more vulnerabilities in Adobe Flash player stemming from the breach of Italian surveillance software vendor Hacking Team.
- July 14, 2015
July 2015's Patch Tuesday shows both Microsoft and Adobe working fast to patch four Hacking Team zero-day vulnerabilities exposed in the past week.
- July 14, 2015
The Windows Server 2003 end of life is upon us and many organizations still haven't made the upgrades or security remediations necessary to mitigate the coming risks.
- July 10, 2015
News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.
- July 08, 2015
Adobe patches a Flash zero-day vulnerability found as part of the massive data breach of Hacking Team. Experts recommend speedy remediation as the flaw has been added to multiple exploit kits.
- July 07, 2015
The OpenSSL project team will release a critical patch on Thursday and experts warn admins that the upgrade process could take days or weeks to complete.
- June 26, 2015
News roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!
- June 23, 2015
Adobe releases an emergency Flash Player patch for a zero-day flaw said to be used in a Chinese hacker group's phishing scheme.
- June 09, 2015
Microsoft's June 2015 Patch Tuesday features eight bulletins, including a critical update for Internet Explorer and Windows Media Player. Plus: Adobe releases fix for 13 Flash vulnerabilities.
- May 12, 2015
Microsoft's May 2015 Patch Tuesday has made 2015 the biggest year for patches through the first five months and is highlighted by two non-critical patches, according to experts.
- May 06, 2015
Microsoft Ignite 2015 showed that Microsoft may have rethought the Tuesday part of Patch Tuesday, but Windows Update is stronger than ever.
- April 29, 2015
Secunia's quarterly Personal Software Inspector (PSI) report shows that while OS and application patching has remained steady, users may be ignoring end-of-life software and the risks associated with it.
- April 17, 2015
A critical vulnerability in Windows HTTP.sys was detailed as part of Microsoft's April Patch Tuesday, and the flaw is already being actively exploited in the wild.
- April 16, 2015
The latest Oracle Critical Patch Update includes fixes for close to 100 vulnerabilities, but one expert says there is a critical update for Java on the desktop that needs immediate attention.
- April 14, 2015
Microsoft's April 2015 Patch Tuesday release is lighter than usual with 11 total bulletins, but experts say that system admins should immediately install a critical HTTP.sys patch for Windows Server.
- April 14, 2015
The new 'Redirect to SMB' vulnerability is an update to an 18-year-old flaw that can lead to man-in-the-middle attacks on all versions of Windows.
- March 25, 2015
Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.
- March 16, 2015
Update: Microsoft has re-released Enhanced Mitigation Experience Toolkit version 5.2 to correct a bug involving IE 11.
- March 10, 2015
Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes, but surprisingly, an expert says one of the fixes deemed non-critical actually demands immediate attention.
- March 05, 2015
The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.
- February 25, 2015
Google's Project Zero has added more leeway to its vulnerability disclosure policy, but industry observers are split on whether 90 days is enough time to fix software flaws, or not enough time to manage a sensitive, resource-intensive process.
- February 10, 2015
Microsoft's February 2015 Patch Tuesday release offers three critical fixes, including one for a dangerous Group Policy vulnerability, but does not patch a recently revealed IE XSS zero-day flaw.
- February 06, 2015
News roundup: With the proposed 2016 federal budget and push for a national data breach law, Washington may finally care about cybersecurity. Plus: Coviello to retire; Flash patched again; Sony Pictures breached by Russians and loses its co-chair.
- February 02, 2015
Trend Micro discovered a new zero-day bug in Adobe Flash that is being actively exploited in the wild. Adobe promises a patch for the vulnerability this week.
- January 30, 2015
News roundup: YouTube announced it has stopped using Flash by default in favor of HTML5. Is this the long-awaited end for Flash? Plus: Java was the riskiest software in 2014; BEC scam cost $215 last year; NFL data interceptions.
- January 26, 2015
Adobe's latest Flash zero day patch came Saturday, just two days after reports that the vulnerability was being exploited by drive-by-download attacks.
- January 23, 2015
News roundup: An onslaught of Adobe, Oracle, OpenSSL, Chrome and Firefox patches highlights the sad state of software security in 2015. Plus, security budgets increasing; HealthCare.gov security woes; false-positive alerts cost millions annually.
- January 19, 2015
For the third time in one month, Microsoft couldn't meet Google's 90-day public disclosure deadline, leading to Project Zero's disclosure, though experts say this Windows zero-day vulnerability may have little value to attackers.
- January 13, 2015
Microsoft's January 2015 Patch Tuesday updates include a critical Windows update for Telnet, and a fix for a controversial Windows 8.1 flaw disclosed two weeks ago. Plus: An expert says Adobe's critical Flash Player fix demands immediate attention.
- December 09, 2014
Capping a busy year of software updates, Microsoft's December 2014 Patch Tuesday release delivers three critical bulletins; separately Adobe offers a pair of critical fixes.
- November 18, 2014
Originally scheduled by Microsoft as part of its November Patch Tuesday release, the out-of-band patch resolves a serious security vulnerability in Kerberos.
- November 17, 2014
Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections.
- November 11, 2014
The zero-day patch was one of four critical bulletins Microsoft delivered as part of its largest Patch Tuesday release of 2014; a fifth critical bulletin was dropped at the last moment.
- September 09, 2014
Microsoft's September 2014 Patch Tuesday features four bulletins, including one critical update for Internet Explorer. Plus: Adobe releases a Flash fix, but delays a planned patch release for Reader and Acrobat.
- August 12, 2014
Beyond the usual slew of IE security patches, Microsoft's August 2014 Patch Tuesday made a couple of moves to improve the security of its browser.
- July 08, 2014
Microsoft's July 2014 Patch Tuesday release addressed two dozen flaws in Internet Explorer. Adobe also provided a critical update for Flash.
- July 07, 2014
Though Oracle has confirmed that Windows XP users will not see Java 8 updates for now, security support for Java 7 is still possible.
- June 10, 2014
June's patches fix an Internet Explorer 8 issue that Microsoft said was never exploited in the wild. Plus: Adobe issues a critical Flash Player patch.
- May 13, 2014
Microsoft's May 2014 Patch Tuesday features two critical security updates, including another fix for its beleaguered Internet Explorer browser.
- April 08, 2014
The April 2014 Patch Tuesday release features the final Office 2003 and XP security updates, as well as a fix for a recent Word zero-day.
- March 25, 2014
A new zero-day attack affecting versions of Word and Outlook uses remote code execution to gain user-level rights with a malicious RTF file.
- March 14, 2014
A pair of Adobe security updates this week patches three flaws involving Flash Player and Shockwave. The Flash patch should be applied quickly.
- March 11, 2014
Microsoft moved to address a lingering Internet Explorer zero-day vulnerability that was originally discovered by security vendor FireEye in February.
- February 23, 2014
Apple patched a critical iOS SSL flaw Friday that allows attackers to manipulate SSL/TLS data. The flaw exists in OS X too and has yet to be fixed.
- February 11, 2014
In a late addition to its February 2014 Patch Tuesday package, Microsoft offered fixes for critical, high-risk flaws in Internet Explorer and VBScript.
- October 08, 2013
Among its 26 patches, Microsoft's October 2013 Patch Tuesday release delivers the anticipated fix for a critical Internet Explorer zero-day flaw.
- September 10, 2013
The September 2013 Patch Tuesday releases included 13 bulletins from Microsoft, four deemed critical.
- August 13, 2013
The software giant issued three critical patches and 23 total fixes covering Windows, Internet Explorer and Exchange.
- July 09, 2013
July's Patch Tuesday found Microsoft rolling out seven patches, six of which are rated as critical.
- May 15, 2013
The software giant's May 2013 Patch Tuesday update permanently fixes the IE8 zero-day flaw found in the Dept. of Labor website attack.
- March 14, 2013
Secunia highlights the growing need for better third-party application security, plus Microsoft's security improvements, and the growing cost of zero-days.
- December 11, 2012
Microsoft released seven security bulletins, addressing flaws in Internet Explorer, Word and Windows kernel-mode drivers.
- December 06, 2012
In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.
- November 13, 2012
Microsoft issued six bulletins in November's Patch Tuesday, including fixes in Internet Explorer, Windows Kernel and the .NET Framework.
- October 11, 2012
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft.
- October 04, 2012
Microsoft's October 2012 Patch Tuesday release, slated for Oct. 9, will address an RSA key-length certificate issue exposed by the Flame malware.
- September 21, 2012
Microsoft issued an out-of-band security bulletin, addressing a zero-day vulnerability and four other flaws in Internet Explorer.
- September 11, 2012
Two important bulletins were issued in Microsoft's September 2012 Patch Tuesday.
- September 06, 2012
Microsoft released an advance notification on two important bulletins and encouraged customers to address an SSL certificate update before October.
- August 30, 2012
The latest update fixes widely exploited zero-day vulnerabilities. Metasploit manager praises company for fast turnaround.
- August 22, 2012
Adobe has released updates for six critical vulnerabilities, following a patch just one week ago that addressed other critical flaws.
- August 14, 2012
A dangerous flaw in Windows Common Controls affects multiple systems and software, including Office, SQL Server and Visual Basic 6.0 Runtime.