Tuesday Fun With Microsoft

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

See also:
Microsoft Security Bulletin Summary for December 2011
Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011
Last Patch Tuesday of 2011 Secures Windows XP, Vista, Windows 7
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft fixes 20 bugs in year’s last ‘Patch Tuesday’
Microsoft to patch three critical holes
Microsoft slims final patch Tuesday of 2011 to 13 patches from proposed 14
No BEAST fix from Microsoft in December patch batch
Microsoft fixes Duqu hole, but not BEAST problem
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
December Patch Tuesday Fixes Duqu Worm
‘Duqu’ zero-day Windows flaw patched this week
Microsoft: Duqu patched, bringing years total to 99 corrections

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Tuesday Fun With Microsoft

Windows, the software of perpetual patching. This installment is fairly large.

Microsoft Fixes Internet Explorer, Windows Flaws in October Patch Tuesday

Microsoft fixed 23 vulnerabilities across eight security bulletins as part of its October Patch Tuesday release.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

See also:
Microsoft Security Bulletin MS11-082 – Important
Microsoft Security Bulletin MS11-081 – Critical
Microsoft Security Bulletin MS11-080 – Important
Microsoft Security Bulletin MS11-079 – Important
Microsoft Security Bulletin MS11-078 – Critical
Microsoft Security Bulletin MS11-077 – Important
Microsoft Security Bulletin MS11-076 – Important
Microsoft Security Bulletin MS11-075 – Important
Microsoft’s October 2011 Patch Tuesday fixes 23 flaws, releases SIRv11
MS wipes out 23 flaws in October’s Patch Tuesday
Patch Internet Explorer Now
23 vulnerabilities squashed by Microsoft’s Patch Tuesday effort
Microsoft Update

So, get busy and happy patching!

/until the next time Microsoft releases patches to make its software suck less . . .

Tuesdays With Microsoft

Thankfully, it’s a relatively wee one.

Microsoft Unleashes Critical Update for Windows Server

Today is Patch Tuesday, and Microsoft is taking it easy on IT admins with a meager two security bulletins this month. But, don’t let the small number of updates lull you into a false sense of security. They may be few, but the patches this month are still crucial for network and computer security.

MS11-035 is rated as Critical and affects the WINS component of Windows Server 2003 and 2008, and MS11-036 is an Important security bulletin related to flaws in Microsoft PowerPoint.

See also:
Microsoft Security Bulletin Summary for May 2011
Microsoft plugs critical hole in Windows
Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint
Microsoft Releases Critical Patch for Windows Servers
Microsoft distributes Windows, PowerPoint patches
Patch Tuesday updates fix a trio of Windows 7 SP1 glitches
Microsoft Fixes Critical Windows Internet Name Service Flaw In Two-Patch Release
Microsoft fixes critical worm hole in Windows Server
Microsoft downplays Server bug threat, say researchers
Windows Update

Now get off your ass and do the Microsoft patch dance!

/so, until next time, stay updated, same patch day, same patch channel

Tuesday Fun With Microsoft

Give it up for Patch Tuesday, everyone’s favorite day of the month. Try and contain your excitement.

Microsoft Patch Tuesday Targets Four Bugs, One Critical

Microsoft on Tuesday issued three security bulletins that tackle four vulnerabilities. Just one of the vulnerabilities is rated critical. The other three are essentially the same bug, despite the fact that they affect three different products.

The first bug, MS11-015, describes two vulnerabilities in Windows Media. One, the only one rated critical in this group, is a bug in Windows Media Center and Windows Media Player related to the handling of .dvr-ms files. It can lead to remote code execution in the context of the user.

The other Windows Media bug, specifically in Microsoft DirectShow, is another instance of the insecure DLL loading bug that Microsoft and other vendors have been fixing for months. MS11-016 describes this bug in Microsoft Groove 2007 and MS11-017 describes it in the Windows Remote Desktop client.

Microsoft also released non-security updates today, including the monthly Windows Malicious Software Removal Tool, the update for the Windows Mail Junk E-mail Filter, and an update “to resolve issues” in Windows 7 and Windows Server 2008 R2.

See also:
Microsoft Security Bulletin Summary for March 2011
Microsoft Fixes Four Flaws
Microsoft patches critical Windows drive-by bug
Microsoft fixes critical Windows hole, others
Microsoft Patch Tuesday – three fixes for March, one critical, all ring coding alarms
Patch Tuesday: Gaping security hole in Windows Media Player
Critical Patch Tuesday Flaw Easy to Exploit
Go Plug Your Critical Hole
Microsoft Patch Tuesday leaves MHTML bug unchecked
Zero-day IE flaw not in Microsoft Patch Tuesday
Patch Tuesday Will Skip IE Before PWN2OWN Contest
March Patch Tuesday leaves IE unpatched for Pwn2Own hackers
Microsoft Releases Zero IE8 Security Updates Before “Pwn2Own” Browser Hacking Contest
Windows fix on Patch Tuesday ‘breaks’ VMware software
Microsoft Windows 7 Patches Wreak Havoc With VMware View
Windows 7 Update Breaks VMware Connection
Windows Update

As usual, Microsoft releases a patch that doesn’t even fix all the known issues and doesn’t play well with third-party software. Particularly amusing is the fact that Microsoft is waiting to issue further patches until after a hacker contest is over, fearing, with good reason, that the hackers will find even more Windows vulnerabilities.

/Microsoft Windows and Swiss cheese, what’s the difference?

Do You Know What Day Is It?

You know damn well what day it is, it’s Microsoft Patch Tuesday!

Microsoft Plugs 22 Security Vulnerabilities on Patch Tuesday

Microsoft plugged 22 security holes today in the second Patch Tuesday of the year.

The fixes are included in 12 security bulletins spanning Windows, Internet Explorer, Microsoft Office and IIS. Three of the bulletins are rated “critical” while the other nine are considered “important.”

Within the critical bulletins are fixes for a bug in the Windows Graphics Rendering Engine Microsoft warned users about in January, as well as a vulnerability in IE (Internet Explorer) resulting from the creation of uninitialized memory during a CSS (cascading style sheet) function within IE. The company issued the advisory for the IE flaw in December, and has seen limited, targeted attacks focused on the vulnerability.

See also:
Microsoft Security Bulletin Summary for February 2011
Microsoft patches Windows, IE
Microsoft Fixes 22 Security Holes – 6 Critical
Microsoft’s Patch Tuesday: 6 Critical Fixes
Microsoft Patch Tuesday Swats 22 Bugs, Misses MHTML Flaw
How to Prioritize Microsoft Patch Tuesday
Bug bounty program reveals 22 unpatched flaws, 5 in Office
Microsoft delivers ‘big month’ of patches, quashes 22 bugs
February Microsoft Patch Targets 20-Plus Security Flaws
Microsoft patches critical flaws in IE, Windows Shell Graphics
Microsoft addresses 22 vulnerabilities in monthly patch release
Microsoft finally says adios to Autorun
Microsoft Update Trims USB AutoRun For Security
Windows Update

Whoa Nellie, that’s a whole lot of patch! And, as usual, it doesn’t even correct all the problems with the software.

/so, until next time, happy patching!

New Year, More Patches

Same as it ever was, what fun would Tuesdays be without Microsoft issuing software patches?

Microsoft Fixes Windows Security Vulnerabilities in Light Patch Tuesday

Microsoft issued two security bulletins to fix three Windows vulnerabilities, getting Patch Tuesday off to a slow start in 2011.

Only one of the bulletins is rated “critical.” That bulletin, MS11-002, covers two vulnerabilities affecting Microsoft Data Access Components. The first of the bugs exists in the way MDAC (Microsoft Data Access Components) validates third-party API usage. The second is due to the way MDAC validates memory allocation. According to Microsoft, both vulnerabilities could be exploited via a specially crafted Web page to allow an attacker to remotely execute code.

See also:
Microsoft Security Bulletin Summary for January 2011
It’s Microsoft Patch Tuesday: January 2011
Microsoft Patches 3 Windows Vulnerabilities
Microsoft patches critical Windows drive-by bug
Patch Tuesday: Microsoft plugs ‘drive-by download’ security holes
Microsoft’s January Patch Tuesday: 3 fixes but 5 holes unpatched
Two bulletins from Microsoft on its first Patch Tuesday of 2011 but Internet Explorer zero-day remains uncovered
Microsoft ‘Patch Tuesday’ Doesn’t Address Problem
Microsoft Patch Tuesday Update – 11th January 2011
Microsoft Patch Tuesday Hits One Critical Bug
Windows Update

And, once again, Microsoft patches some holes but leaves others uncovered.

/so, I guess we’ll be doing this again in the near future

Microsoft Sets A New Record

It’s the biggest Patch Tuesday ever!

Microsoft Again Sets Record With Massive Patch

For the third time this year, Microsoft has issued a record-setting security patch.

The company’s December Bulletin Release includes 17 security bulletins addressing 40 vulnerabilities in Microsoft Office, Windows, Internet Explorer, SharePoint Server and Exchange.

It was only in October that Microsoft set the record it just broke, with 16 security bulletins. There were however fewer individual vulnerabilities this month than in October (49). And it was two months earlier, in August, that the company had set its previous record, with 14 bulletins to address 34 vulnerabilities.

The huge October patch was supposed to front-load the task of patching so that IT administrators had a lighter schedule over the holidays. So much for that idea.

At least the December crop of bulletins brings only two “critical” ones. Fourteen are rated “important” and one is rated “moderate.”

The two critical bulletins, MS10-090 and MS10-091, addressing vulnerabilities in Internet Explorer and Windows respectively, should be deployed first, according to Microsoft.

See also:
It’s Microsoft Patch Tuesday: December 2010
Microsoft Security Bulletin Summary for December 2010
Microsoft Closes a Record-Patch Year with 17 for December
Windows Security Updates: Microsoft Critical Security Patches
Microsoft Fixes 40 Vulnerabilities in Final Patch Tuesday for 2010
Microsoft’s holiday bonus: Fixes for 40 flaws
Microsoft Fixes Dozens of Vulnerabilities in Big Update
Record Patch Tuesday: What You Need to Know
Microsoft Fixes 40 Flaws With Record Patch Tuesday Release
Microsoft Patch Tuesday: The bottom line
Microsoft fixes bugs in Windows, Internet Explorer
Windows Update

You better watch out! Better not cry! Better not pout! I’m telling you why, Patch Tuesday is comin’ to town.

/Merry Christmas, don’t forget to unwrap your shiny new present from Microsoft!