Tuesday Fun With Microsoft

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

See also:
Microsoft Security Bulletin Summary for December 2011
Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011
Last Patch Tuesday of 2011 Secures Windows XP, Vista, Windows 7
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft fixes 20 bugs in year’s last ‘Patch Tuesday’
Microsoft to patch three critical holes
Microsoft slims final patch Tuesday of 2011 to 13 patches from proposed 14
No BEAST fix from Microsoft in December patch batch
Microsoft fixes Duqu hole, but not BEAST problem
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
December Patch Tuesday Fixes Duqu Worm
‘Duqu’ zero-day Windows flaw patched this week
Microsoft: Duqu patched, bringing years total to 99 corrections

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Tuesdays With Microsoft

Tuesdays are the day when we patch the holey Microsoft products.

Patch Tuesday leaves Duqu 0-day for another day

November marked a light Patch Tuesday with just four bulletins, only one of which tackles a critical flaw.

All four advisories relate to problems in Windows. None is related to the zero-day vulnerability related to Duqu, the highly sophisticated worm reckoned to be related to the infamous Stuxnet pathogen.

See also:
Microsoft Security Bulletin Summary for November 2011
Microsoft Patch Tuesday Fixes Critical Windows 7 Bug, Leaves Out Duqu Zero-Day
Microsoft Fixes Four Bugs for November Patch Tuesday
Microsoft offers simple patch Tuesday for election day
Microsoft fails to patch Duqu, but fixes critical hole in Windows TCP/IP stack
One critical bulletin, no Duqu patch, in November 2011 Patch Tuesday updates
A mild November Patch Tuesday from Microsoft
Light Patch Tuesday May Lead To Out-of-Band Patch
Microsoft fixes gaping hole in Windows TCP/IP stack
Microsoft patches critical Windows bug, but not Duqu flaw
Microsoft patches critical Windows 7 bug, downplays exploit threat
Microsoft Leaves Duqu Worm Exploit Unpatched
Windows Update

I find it more than interesting that Microsoft is unable or unwilling to patch for the Duqu Virus. Is it intentional?

/anyway, you know the drill, get on with it

Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Tuesday Fun With Microsoft

Windows, the software of perpetual patching. This installment is fairly large.

Microsoft Fixes Internet Explorer, Windows Flaws in October Patch Tuesday

Microsoft fixed 23 vulnerabilities across eight security bulletins as part of its October Patch Tuesday release.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

See also:
Microsoft Security Bulletin MS11-082 – Important
Microsoft Security Bulletin MS11-081 – Critical
Microsoft Security Bulletin MS11-080 – Important
Microsoft Security Bulletin MS11-079 – Important
Microsoft Security Bulletin MS11-078 – Critical
Microsoft Security Bulletin MS11-077 – Important
Microsoft Security Bulletin MS11-076 – Important
Microsoft Security Bulletin MS11-075 – Important
Microsoft’s October 2011 Patch Tuesday fixes 23 flaws, releases SIRv11
MS wipes out 23 flaws in October’s Patch Tuesday
Patch Internet Explorer Now
23 vulnerabilities squashed by Microsoft’s Patch Tuesday effort
Microsoft Update

So, get busy and happy patching!

/until the next time Microsoft releases patches to make its software suck less . . .

Do The Microsoft Patch Dance

The dance that never ends.

Microsoft Patch

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server.

Microsoft addressed seven vulnerabilities in Internet Explorer including two zero-day flaws. According to MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer

. . .

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated important for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer which could cause the system to crash.

See also:
Microsoft Security Bulletin Summary for August 2011
Microsoft Fixes IE, Windows DNS Server Flaws In Patch Tuesday Update
Microsoft Patches 22 Security Holes
Microsoft Security Patch Fixes 20-Year-Old Flaw
Microsoft fixes 22 security bugs
Microsoft’s August Patch Tuesday security update to tackle critical flaws in IE and Windows Server
Your Microsoft Patch Tuesday update for August 2011
Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update
Hefty Microsoft August Patch Delivers 13 Security Fixes
IE, Windows server bugs likely to be exploited soon
Microsoft expecting exploits for critical IE vulnerabilities
Microsoft Update

Get busy downloading.

/so, until the next Patch Tuesday . . .

Tuesday Is The Time At Microsoft When We Patch

It’s a relatively small one this time, but critical.

Microsoft Fixes 22 Bugs in July Patch Tuesday

Microsoft addressed 22 security vulnerabilities across four security bulletins in July’s Patch Tuesday update. Three of the patches fix issues in the Windows operating system.

The four bulletins patched issues in all versions of the Windows operating system and in Microsoft Visio 2003 Service Pack 3, Microsoft said in its Patch Tuesday advisory, released July 12. Of the patches, only one has been rated “critical.” The remaining three are rated “important,” according to Microsoft.

“Today’s Patch Tuesday, though light, should not be ignored, as these patches address vulnerabilities that allow attackers to remotely execute arbitrary code on systems and use privilege escalation exploits,” said Dave Marcus, director of security research and communications at McAfee Labs.

Security experts ranked Microsoft bulletin MS11-053, which addressed a critical vulnerability in the Windows Bluetooth stack on Windows Vista and Windows 7, as the highest priority. Attackers could exploit the vulnerability by crafting and sending specially crafted Bluetooth packets to the target system to remotely take control, Microsoft said in its bulletin advisory.

See also:
Microsoft Security Bulletin Summary for July 2011
Microsoft fixes 22 security holes
Microsoft issues critical patch for Windows 7, Vista users
Microsoft Releases 4 Updates for Windows and Office
Microsoft warns of critical security hole in Bluetooth stack
Security Experts Warn of Microsoft Bluetooth Vulnerability
Patch Tuesday Fixes Critical Bluetooth Flaw in Windows 7
‘Bluetooth sniper’ Windows vuln fix in light Patch Tuesday
Microsoft Squashes Bluetooth Bug
Microsoft patches ‘sexy’ Bluetooth bug in Vista, Windows 7
Microsoft Fixes 22 Bugs in July Patch Tuesday
Businesses should not ignore critical Microsoft Patch Tuesday update, say experts
Microsoft Patch Tuesday: four security bulletins
Microsoft Patch Tuesday – 12th July 2011
Windows Update

This isn’t the first time you’ve had to update Windows, you know what to do, so get busy.

/until next time, same patch time, same patch channel

Tuesday Fun With Microsoft

It’s another big one and the flaws are serious.

Microsoft Fixes 24 Bugs in June Patch Tuesday

Microsoft addressed 24 security vulnerabilities across 16 security bulletins in June’s Patch Tuesday update. This will be Microsoft’s second-largest Patch Tuesday in 2011 after April’s gargantuan release.

Microsoft patched the Windows operating system, all supported versions of Internet Explorer, Microsoft Office, SQL Server, Forefront, .NET/Silverlight, Active Directory and Hyper-V, the company said in its Patch Tuesday advisory released June 14. Of the patches, nine have been rated as “critical,” and seven have been ranked as important, according to Microsoft.

Microsoft called out four critical updates as top priorities on the Microsoft Security Response Center blog. They include a fix for all versions of the SMB Client on Windows (MS11-043), 11 bugs in all versions of Internet Explorer (MS11-050), another Windows flaw (MS11-052) and two issues in the DFS client for all versions of Windows (MS11-042), according to Trustworthy Computing’s Angela Gunn.

See also:
Microsoft Security Bulletin Summary for June 2011
Microsoft ‘Patch Tuesday’ Fixes 24 Flaws In 16 Updates
MS Patch Tuesday: Gaping holes haunt Internet Explorer browser
Patch Tuesday Fixes Dangerous Flaws with Exploits Imminent
Microsoft plugs 34 holes; Adobe fixes Flash Player bug
Microsoft patches critical IE9, Windows bugs
Patch Tuesday heralds a busy spell for admins
Microsoft Puts Out 16 Patches, 9 Critical, for June
Microsoft issues 16 bulletins, 9 critical including SMB, IE fixes
June Gloom: Microsoft Releases 16 Bulletins for Patch Tuesday
Windows Update

Damn, if Windows was a car that had been “repaired” this many times, it wouldn’t have any original parts left.

/anyway, get busy with the updating, don’t let the bad guys in, at least until they find new holes in Widows that Microsoft will have to patch next month

Follow

Get every new post delivered to your Inbox.

Join 26 other followers