Greg Lambert

About the Author Greg Lambert


IDG Contributor Network: September Patch Tuesday brings critical updates for Window, Edge and .NET

September brings a relatively large patch profile for Microsoft with 76 reported vulnerabilities, three public disclosures (thank you, Google) and unfortunately one zero day exploit. You used to be worried about browsers and Flash, now we have a publicly exploited vulnerability for augmented reality (AR) with a fix for Microsoft’s HoloLens headset.

For this September Patch Tuesday, Microsoft is only shipping security updates with patches to the following product groups:

Read more 0 Comments

IDG Contributor Network: Critical updates to Windows 10, XP and Vista for June Patch Tuesday

This June Microsoft Patch Tuesday is pretty unique. Excluding the fact that Microsoft is attempting to address a record 94 vulnerabilities, we are seeing Microsoft provide security updates for several operating systems that are no longer supported, including Windows XP and Vista. In addition, Microsoft has moved from its usual approach of mentioning a few select security issues with its Security Advisories notes. This month, we saw Microsoft issue a large number of high-priority issues and the incredible statement, “Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures.” Now is not the time to be relaxed about patching your environment. In addition, Microsoft is attempting to address two serious remote code execution vulnerabilities (CVE-2017-8543 and CVE-2017-8464) that have been reported as exploited in the wild. Although Microsoft no longer uses the update bulletins methodology the following product families will receive updates this month:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

IDG Contributor Network: May Patch Tuesday delivers fixes critical Windows 10 exploits

For this May Microsoft Patch Tuesday, we see Microsoft attempt to resolve 56 reported vulnerabilities in Microsoft Office, Windows, both Browsers and the .NET development platform.

Three of the vulnerabilities have been reported publicly and several have been actively exploited. Adding to an already serious situation, Microsoft’s anti-malware tool was compromised, resulting in the inadvertent deployment of malware through the anti-malware engine.

Microsoft responded very quickly with an out-of-band update (Security Advisory 4022344). Though there was general relief and kudos to Microsoft for their rapid response to this embarrassing episode, this bug was described as the “worst in recent memory” and as “crazy bad” by two of the lead researchers from Google’s Project Zero.

To read this article in full or to leave a comment, please click here

Read more 0 Comments