Microsoft Patch Tuesday and patch management
- April 21, 2006
The next version of Microsoft's free Windows patching tool will make its debut at the Microsoft Management Summit. Will it be able to better compete with commercial rivals?
- April 18, 2006
The software giant corroborates glitches with one of last week's Windows patches, but explains how affected users can implement workarounds.
- April 06, 2006
The createTextRange flaw in IE will be among those fixed, but with exploits in the wild, some debate whether once-a-month patching is right for the times.
- April 03, 2006
A new patch management survey shows more security administrators are avoiding exploits by patching vulnerabilities quickly. In some cases, maybe too quickly.
- March 14, 2006
The software giant addresses six critical security holes in Microsoft Office and an "important" vulnerability in Windows. Attackers could exploit them to hijack workstations and run malicious code.
- February 28, 2006
Two months ahead of its next scheduled patch release, the database giant fixes critical security holes in its E-Business Suite. The flaw is in the software's diagnostic feature.
- February 15, 2006
Cisco Systems announced the availability of free software to fix TACACS+ authentication vulnerabilities, which could allow a malicious user to bypass security in affected systems.
- February 14, 2006
Microsoft's monthly security bulletins include 2 critically ranked flaws, one for Internet Explorer.
- February 02, 2006
Data suggests upstart European antivirus firms are reacting more quickly to emerging zero-day threats, but opinions differ on whether speed is an important factor when choosing a vendor.
- January 20, 2006
Microsoft gets plenty of flak for slow patching, but this week bloggers say they'll take Microsoft's patch process over Oracle's any day.
- December 13, 2005
In addition to the long-awaited browser fix, the software giant also addressed an "important" Windows kernel flaw involving how certain procedure calls are processed.
- December 09, 2005
Security pros at this year's Infosecurity show say IT shops are getting better at patch management. But new threats are emerging, including flaws that never die.
- December 01, 2005
Microsoft may release a critical Internet Explorer fix before the next Patch Tuesday, amid reports that malicious code is targeting a memory corruption flaw.
- November 17, 2005
A health care provider found it could use wireless technology to dramatically boost patient care. But first it had to figure out how to deploy security updates over a wireless network.
- November 16, 2005
New research shows organizations are applying security fixes faster than ever, thanks in large part to patch prioritization. But it may be time to prepare for a new wave of threats.
- November 11, 2005
Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in question; patches fix Veritas flaws and TransUnion ...
- November 09, 2005
But a top executive's response to criticism over the company's use of rootkit technology has added fuel to the backlash.
- November 03, 2005
In other news: Mitglieder variants cause trouble and Microsoft admits to more patching problems while unveiling a new AV/PC clean-up utility for Windows.
- October 24, 2005
Mocbot targets an already-exploited security hole Microsoft patched in August. Could it be the next Zotob?
- October 19, 2005
The company offered few details on what the flaws are, but they are critical and affect a long list of products.
- October 18, 2005
In other news, a Microsoft patch causes problems while a Lynx flaw affects Red Hat and Ubuntu Linux distributions.
- October 14, 2005
Windows IT managers work to apply critical fixes before exploit code that may have Zotob-like effects can harm vulnerable systems.
- October 05, 2005
Also, Firefox Web site is taken down after attack; ISPs are getting attacked from within; and California gets tough with ID thieves.
- September 21, 2005
Mozilla has corrected some serious security holes with the latest release of its Firefox browser.
- September 14, 2005
The wireless router has five flaws attackers could use to tamper with passwords and firewalls, install firmware and cause a denial of service.
- September 14, 2005
Attackers could use the security holes to write malicious files, boost user privileges and intercept traffic to a Java application.
- August 30, 2005
Customers will be able to get software updates for the older version of Microsoft's free patch management tool for a little while longer.
- August 23, 2005
The Air Force reports major security breach, while more companies sign on for OATH. Earthlink buys antispyware maker Aluria.
- August 15, 2005
You think the Oracle patching utility installed the latest critical patches, but you may still be vulnerable -- and non-compliant with federal regulations.
- August 14, 2005
Security experts are worried by how fast Zotob was developed to exploit Microsoft Windows' Plug and Play flaw. A more damaging worm could be launched with equal speed.
- August 12, 2005
Experts warn of a bad month because of new vulnerability exploits and the tendency for attackers to strike in August. Users weigh in on the facts vs. FUD.
- July 20, 2005
A half-dozen new flaws impact Oracle's products; no patches are available, but there are workarounds.
- June 14, 2005
The software giant also addressed security holes in Outlook Express and the Exchange, ISA and Small Business servers.
- June 13, 2005
(Editor's update) Microsoft says WSUS will make an IT shop's patching cycle more efficient. But some administrators are in no rush to deploy it.
- June 01, 2005
In other news, network security products up 5% worldwide, while Apple issues QuickTime fix. A laptop loaded with private data is stolen from a Virginia travel agency.
- April 12, 2005
As admins scrambled to patch numerous critical flaws in Oracle products today, some noted that fixes were unavailable for many other serious and well-known flaws.
- April 07, 2005
After a patch-free March, Microsoft says to expect eight updates Tuesday to fix critical security holes in Windows, Office, MSN Messenger and Exchange.
- April 07, 2005
The networking giant said attackers could exploit security holes in IOS to cause a denial of service or access network resources. Patches are available.
- April 06, 2005
The Internet Storm Center 'sees yellow' after receiving multiple reports about DNS cache poisoning attacks redirecting users to malicious Web sites.
- March 24, 2005
New patches for security flaws in Firefox, Thunderbird and Mozilla Suite are just the latest in a string of fixes for the open source vendor.
- March 21, 2005
Sun Microsystems addresses vulnerabilities that could help attackers tamper with files, escalate privileges or launch malicious code.
- March 10, 2005
Anyone who ever evaluated CA software is potentially at risk. The good news is patches are available and a free scanner is out now to identify systems vulnerable to attack.
- February 25, 2005
Workaround outlined for new PHP exploit. IBM issues patch for DB2 flaw. Payroll service goes offline to investigate security claims, and BoA loses personal data on customers.
- February 25, 2005
An attacker could exploit a flaw in multiple Trend Micro products to launch malicious code.
- February 09, 2005
Symantec fixes a high-risk vulnerability affecting a variety of products.
- January 21, 2005
A vulnerability in Cisco's Internetwork Operating Software (IOS) could be exploited for a denial-of-service attack.
- January 19, 2005
Attackers could launch malicious code by way of a security hole in the program used to view .pdf files on many Linux systems.
- January 18, 2005
Microsoft's first security bulletins of the new year included fixes for the now-unsupported Windows NT Server 4.0.
- January 18, 2005
Microsoft is making the Security Update Validation Program a formal part of its software patch testing process after a yearlong pilot project.
- January 14, 2005
Other news: Another Mydoom variant hits; FBI's $170M info-share program a bust; Solaris patch issued; and T-Mobile hacker arrested.
- January 06, 2005
Of the three upcoming security updates, the maximum severity rating will be "critical."
- December 21, 2004
A security hole could be exploited to launch malicious code. But there are fixes and a workaround.
- December 01, 2004
Microsoft surprisingly issued a fix Wednesday for the IFRAME vulnerability in Internet Explorer, which has already been attacked.
- November 30, 2004
Smaller organizations with limited IT budgets may not be able to afford expensive, automated patching systems. But they don't have to settle for hole-ridden desktops and servers either.
- November 22, 2004
Time is the enemy of every security manager charged with patching; implementing the right process can simplify the challenge.
- November 22, 2004
Exploiting vulnerabilities and capitalizing on configuration errors are the only ways a computer system can be hacked.
- November 18, 2004
Oracle's chief security officer said a quarterly patching schedule is the company's attempt to offer customers a happy medium.
- November 11, 2004
How can you stop playing the patch-or-perish pariah?
- November 08, 2004
IT managers should stop trying to patch everything and focus instead on multi-layered security architecture, experts said at the NGN conference in Boston.
- November 05, 2004
The software giant said customer feedback prompted it to start issuing an advance description of monthly patch releases.
- October 28, 2004
Experts warn security managers not to take patch rankings at face value.
- October 26, 2004
Small and medium-sized businesses, especially those that team with big players, are leaving everyone vulnerable to attacks when flaws go unnoticed. There are some steps that SMBs can take to find their networks' weaknesses -- and fast.
- October 25, 2004
Red Hat warned users to beware of bogus e-mails pretending to be an alert from its security team.
- October 20, 2004
Conectiva and Sun issue patches; Gentoo and Debian recommend upgrades.
- October 15, 2004
A security hole could allow remote unauthorized root access, Veritas Software said.
- October 14, 2004
Microsoft's flurry of security bulletins this week made October the busiest patch month on record. That's particularly bad news if you're running an older version of Windows.
- October 12, 2004
IT managers have 10 Microsoft security updates to sift through for October, seven of them that can't be ignored.
- October 05, 2004
At times, the information security industry can sound downright alarmist. In the case of the .jpg vulnerability, that tone may be justified.
- September 29, 2004
An attacker could use multiple vulnerabilities in RealOne Player, RealPlayer and Helix Player to launch malicious code or delete files.
- September 23, 2004
Sanjay Kumar is indicted for securities fraud and conspiracy, while Authorize.Net is knocked offline by massive DDoS attacks.
- September 20, 2004
Experts describe a WordPerfect converter fix as straightforward, but a critical buffer-overrun vulnerability involving .jpg images will require more work for administrators to clean up.
- August 31, 2004
Oracle Corp. released fixes Tuesday for multiple security holes in Enterprise Manager, Database Server and Application Server.
- July 29, 2004
The fix will address Internet Explorer security holes exploited during last month's Download.ject attack.
- July 14, 2004
IT security experts say the message from Microsoft's July security bulletins is that it doesn't pay to put off patching, despite the headaches.
- June 30, 2004
What happens when your limited IT staff heads for vacation? Can your small business cope with security problems while your go-to guy is on the beach?
- May 19, 2004
A new study shows the window between vulnerability and exploit code releases has narrowed from months to mere days.
- May 12, 2004
In this week's Industry Notebook, Citadel Security Software announces its Hercules 3.0 with new host-based quarantine remediation and policy enforcement features. Also included are items from Akonix, ArticSoft, BMC Software, Proofpoint, Fortinet and...
- May 12, 2004
Microsoft warns of a single "important" Windows flaw and re-releases two previous bulletins.
- May 10, 2004
This month's worm outbreak shows the narrowing window for exploits and need for more proactivity.
- May 06, 2004
Network security managers who abandoned the patch-as-you-go approach to confronting past worm attacks seem to be having the most success limiting the impact of the Sasser strains. But however good their methods and tools are, they worry Sasser is ...
- May 03, 2004
Last year, the Blaster worm hit medical centers and hospitals in Houston, knocking some offline for several days. Prompted by that and the growing need to comply with federal mandates imposed by the HIPAA legislation, Methodist Hospital employed the...
- April 14, 2004
Microsoft stunned the security community yesterday with its announcement of 21 serious vulnerabilities in a variety of applications and operating systems.
- March 02, 2004
Multiple products from Internet Security Systems share an identical vulnerability that can allow the remote execution of arbitrary code.
- February 19, 2004
Patching systems is a major pain in the pocketbook. The Yankee Group has found it costs more than $1 million a year per patch to keep 5,000 desktops up to date.
- February 19, 2004
A recent poll found many security managers and administrators didn't immediately apply a patch for the ASN.1 parser library vulnerability despite warnings that the flaw is one of the worst in Windows history.
- February 12, 2004
After Microsoft released a patch this week for a critical Windows vulnerability discovered in July, the security community wants to know: What took so long?
- February 12, 2004
Microsoft ASN flaw may be biggest defect ever found
- February 11, 2004
Hewlett-Packard is warning HP-UX administrators to install fixes for multiple vulnerabilities in BIND version 920 that could lead to denial of service in affected systems.
- February 02, 2004
Learn how to overcome the challenges inherent to patch management, including ROI justification.
- January 22, 2004
Hewlett-Packard has announced six vulnerabilities in its HP-UX operating system. Users of vulnerable systems need to install updates to protect against them.
- January 22, 2004
A well-known vulnerability in OpenSSL and TLS has been found in Sun Microsystems' Sun Cluster product. The flaw could allow attackers to do everything from denial of service attacks to running arbitrary code on affected systems.
- January 06, 2004
Two recent announcements ease the burden of patch management for administrators, leading off this week's Industry Notebook. Included are items from BindView and Shavlik Technologies, OPSWAT, Netegrity and Oracle, GFI and Astaro.
- December 18, 2003
A new security mailing list called PatchManagement.org launched this month, giving taxed network administrators a place to share patching strategies and stories. An expert, meanwhile, describes the patching quandary facing administrators and ...
- November 13, 2003
"Internal issues" delayed the release of this week's critical fix for Windows' FrontPage Server Extensions, which was reported to Microsoft in January.
- November 10, 2003
Enterprises using BEA Tuxedo Administration Console are warned to patch a security flaw or be subject to denial of service, information leaks or cross-site scripting.
- November 06, 2003
Shavlik Technologies announced tools for security assessment, automated patch management, and account and password evaluation, leading off this edition of Quick Takes. Also included are items from Qualys, SSH Communications, Consul and Kensington ...
- October 16, 2003
Experts are behind Microsoft's plan to release security alerts on a monthly cycle.
- September 03, 2003
The window of opportunity between the announcement of a vulnerability and an exploit is rapidly shrinking, if the events of August are any indication.
- August 19, 2003
The Nachi worm attempts to delete the Lovsan/Blaster worm and patch the vulnerability in Windows systems it exploits. These tips can help keep you safe from Nachi and Lovsan.
- August 12, 2003
Blaster-A, which targets the RPC vulnerability in Windows, is also going after Microsoft's patch download page. Patch now or else risk paying its price.