Patch Tuesday

Microsoft adds workaround for Internet Explorer bug

Dan Kaplan March 15, 2010

Microsoft is now offering an automated workaround to mitigate the Internet Explorer (IE) vulnerability it announced last week. The "Fix It" solution mitigates the bug "by disabling the peer factory class through the modification of a registry key," according to a Friday blog post. The flaw currently is being exploited in targeted attacks, the company said. The issue does not affect Microsoft's newest browser, IE 8. Even with the new workaround, Microsoft may release an out-of-band patch because its next scheduled security update is not due until April 13. — DK
 

Microsoft offers two fixes, but reveals a zero-day bug

Dan Kaplan March 09, 2010

Microsoft fixed eight vulnerabilities with two patches on Tuesday, but it also disclosed a new, zero-day Internet Explorer flaw that is being leveraged in active attacks.
 

Microsoft readies two patches for Windows, Office flaws

Dan Kaplan March 05, 2010

After a major patch batch in February, administrators can expect only two fixes, rated "important," in next week's monthly security update from Microsoft.
 

Microsoft reinstates faulty fix, but with rootkit detection

Dan Kaplan March 02, 2010

Microsoft on Tuesday resumed shipping a recent patch, MS10-015, through Windows Update. The fix was sidelined after Microsoft determined that it resulted in a denial-of-service condition when installed by users whose machines are infected with a rootkit known as Alureon. The revamped bulletin now contains "detection logic" to find the Alureon rootkit. If the rootkit is found, the computer does not load the patch. -- DK
 

Rootkit to blame for Windows fix resulting in blue screen

Dan Kaplan February 18, 2010

Microsoft has concluded that PCs displaying the "blue screen of death" when trying to install a February patch contain a rootkit.
 

Microsoft removes patch from Windows Update

Dan Kaplan February 12, 2010

Microsoft has stopped offering one of its recent patches, MS10-015, through Windows Update because a "limited number of users" are having difficulty restarting their computers after installing the fix, Jerry Bryant, senior security communications manager at Microsoft, said in a Thursday blog post. Organizations using Systems Management Server (SMS) or Windows Server Update Services (WSUS) can still deploy the patch, which corrects a privilege-escalation flaw in the Windows kernel. Users who decide not to install the fix can apply a workaround, as described in an advisory that originally announced the vulnerability. Microsoft is working to resolve the issue, Bryant said. — DK
 

Microsoft looks into patch installation problem

Dan Kaplan February 11, 2010

Microsoft is investigating "an installation issue" stemming from one of the patches it released on Tuesday, said Jerry Bryant, senior security communications manager at Microsoft. Attempting to install the fix reportedly can result in users getting the so-called blue screen of death when they attempt to restart. The potentially broken patch reportedly is bulletin MS10-015, which repairs privilege-escalation vulnerabilities in the Windows kernel. — DK
 

SMB, DirectShow top the list of Microsoft patches

Dan Kaplan February 09, 2010

After a restful January, Microsoft pushed out 13 patches to rectify 26 vulnerabilities, mostly affecting issues in Windows.
 

Oracle fixes WebLogic bug; 11g flaw exposed

Dan Kaplan February 05, 2010

Oracle on Thursday released a fix for a zero-day vulnerability in its WebLogic Node Manager. The publicly released bug can allow an attacker to fully compromise a targeted server on Windows, according to an Oracle blog post. The patch does not appear to be related to researcher David Litchfield's talk this week at the Black Hat conference in Washington, D.C., where he revealed how zero-day vulnerabilities in the Oracle 11g database could be used to bypass security and take complete control of the popular software. — DK
 

Microsoft to deliver 13 security patches for 26 bugs

Dan Kaplan February 05, 2010

After a relatively quiet January, administrators next week will have to deal with an unusually large security update from Microsoft, with 26 vulnerabilities in line for fixing.
 

Microsoft responds to Black Hat talk with IE bug advisory

Dan Kaplan February 03, 2010

An Internet Explorer vulnerability revealed at this week's Black Hat conference in Washington, D.C. prompted Microsoft to issue an advisory on the issue.
 

Microsoft patches Internet Explorer hole used in spying

Dan Kaplan January 21, 2010

A "critical" Internet Explorer vulnerability, used as part of a mix of malware designed to steal sensitive intellectual property from major U.S. companies, was fixed on Thursday.
 

Microsoft confirms low-risk zero-day in Windows kernel

Dan Kaplan January 21, 2010

Microsoft is dealing with another zero-day vulnerability, albeit a less risky one than the notorious Internet Explorer flaw being leveraged in data-theft attacks on major companies.
 

Google engineer finds Windows kernel bug

Dan Kaplan January 19, 2010

A security engineer on Tuesday posted details about an unpatched Windows kernel vulnerability. The flaw affects all versions of the operating system and can result in privilege escalation, according to an advisory posted to the Full Disclosure mailing list by Google engineer Tavis Ormandy. A successful exploit can allow an attacker to change the address for the kernel stack. Ormandy was responsible for reporting the lone vulnerability patched in last week's Microsoft security update. A Microsoft spokeswoman had no immediate comment. — DK
 

Microsoft to issue early patch for Internet Explorer flaw

Dan Kaplan January 19, 2010

A dangerous, zero-day vulnerability in Internet Explorer is getting an early fix, Microsoft announced Tuesday.
 

Adobe update trumps Microsoft's lone fix in patch frenzy

Dan Kaplan January 12, 2010

Microsoft typically garners all of the attention on Patch Tuesday, but for January's installment, researchers consider Adobe's fix for a critical zero-day vulnerability to be the major priority. Oracle also was scheduled to release fixes.
 

Microsoft to release single patch for January update

Dan Kaplan January 07, 2010

IT administrators may be able to ease back into the New Year now that Microsoft plans only one fix for its January security update.
 

Microsoft patch batch includes fix for zero-day IE flaw

Dan Kaplan December 08, 2009

Microsoft on Tuesday delivered six patches as part of its monthly security update, but only one -- addressing five flaws in Internet Explorer -- requires immediate deployment, experts said.
 

Microsoft slates six fixes for year's final Patch Tuesday

Dan Kaplan December 03, 2009

Microsoft's planned patches for Tuesday include a fix for a null pointer reference vulnerability in Internet Explorer, for which proof-of-concept code has been published.
 

Microsoft denies that patches caused black screens

Dan Kaplan December 01, 2009

Microsoft said Tuesday that it is not at fault for any customers experiencing a "black screen of death."
 

Microsoft affirms vulnerability affecting Internet Explorer

Dan Kaplan November 24, 2009

Microsoft engineers are prepping a fix for a zero-day Internet Explorer version 6 and 7 flaw, while users are encouraged to apply workarounds as they await a patch.
 

Microsoft fixes 15 flaws with six patches

Dan Kaplan November 10, 2009

Microsoft on Tuesday delivered six security patches, but considers one -- which addresses a "critical" Windows kernel bug -- of paramount concern.
 

Microsoft to deliver six patches covering 15 flaws

Dan Kaplan November 05, 2009

November's security update from Microsoft comes with six patches for 15 vulnerabilities -- nearly 20 fewer than last month.
 

Microsoft Patch Tuesday bonanza: 13 fixes for 34 flaws

Dan Kaplan October 13, 2009

Microsoft on Tuesday released a record number of security fixes to remediate a number of dangerous issues, including two previously known vulnerabilities and several bugs in Windows 7.
 

Microsoft to push 13 patches, including SMB, FTP fixes

Dan Kaplan October 08, 2009

Microsoft's monthly patch cycle will include fixes for a monstrous 34 vulnerabilities, including the much-ballyhooed zero-day vulnerabilities in the SMB network protocol and FTP service.
 

Attack code developed for SMB vulnerability

Dan Kaplan September 29, 2009

An outbreak leveraging an unpatched vulnerability in Windows Vista and Server 2008 moved one step closer to reality with the release of public exploit code.
 

Microsoft releases workaround for SMB security flaw

Chuck Miller September 21, 2009

Microsoft has released a quick fix to the Server Message Block Version 2 vulnerability affecting Windows Vista and Windows Server 2008.
 

Researchers fret over new Microsoft SMB vulnerability

Dan Kaplan September 09, 2009

Microsoft has recognized a zero-day vulnerability in its SMB protocol that, experts say, might warrant an out-of-band patch.
 

Microsoft patches for eight flaws; FTP server fix not ready

Dan Kaplan September 08, 2009

Microsoft on Tuesday distributed five patches covering eight vulnerabilities, but still outstanding is a fix for two "critical" FTP server bugs unveiled last week.
 

Microsoft warns users of in-the-wild IIS/FTP exploits

Dan Kaplan September 08, 2009

Microsoft is now aware of active attacks targeting two FTP server flaws.