Tuesday Fun With Microsoft

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

See also:
Microsoft Security Bulletin Summary for December 2011
Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011
Last Patch Tuesday of 2011 Secures Windows XP, Vista, Windows 7
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft fixes 20 bugs in year’s last ‘Patch Tuesday’
Microsoft to patch three critical holes
Microsoft slims final patch Tuesday of 2011 to 13 patches from proposed 14
No BEAST fix from Microsoft in December patch batch
Microsoft fixes Duqu hole, but not BEAST problem
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
December Patch Tuesday Fixes Duqu Worm
‘Duqu’ zero-day Windows flaw patched this week
Microsoft: Duqu patched, bringing years total to 99 corrections

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Tuesday Fun With Microsoft

Windows, the software of perpetual patching. This installment is fairly large.

Microsoft Fixes Internet Explorer, Windows Flaws in October Patch Tuesday

Microsoft fixed 23 vulnerabilities across eight security bulletins as part of its October Patch Tuesday release.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

See also:
Microsoft Security Bulletin MS11-082 – Important
Microsoft Security Bulletin MS11-081 – Critical
Microsoft Security Bulletin MS11-080 – Important
Microsoft Security Bulletin MS11-079 – Important
Microsoft Security Bulletin MS11-078 – Critical
Microsoft Security Bulletin MS11-077 – Important
Microsoft Security Bulletin MS11-076 – Important
Microsoft Security Bulletin MS11-075 – Important
Microsoft’s October 2011 Patch Tuesday fixes 23 flaws, releases SIRv11
MS wipes out 23 flaws in October’s Patch Tuesday
Patch Internet Explorer Now
23 vulnerabilities squashed by Microsoft’s Patch Tuesday effort
Microsoft Update

So, get busy and happy patching!

/until the next time Microsoft releases patches to make its software suck less . . .

Tuesdays With Microsoft

Thankfully, it’s a relatively wee one.

Microsoft Unleashes Critical Update for Windows Server

Today is Patch Tuesday, and Microsoft is taking it easy on IT admins with a meager two security bulletins this month. But, don’t let the small number of updates lull you into a false sense of security. They may be few, but the patches this month are still crucial for network and computer security.

MS11-035 is rated as Critical and affects the WINS component of Windows Server 2003 and 2008, and MS11-036 is an Important security bulletins related to flaws in Microsoft PowerPoint.

See also:
Microsoft Security Bulletin Summary for May 2011
Microsoft plugs critical hole in Windows
Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint
Microsoft Releases Critical Patch for Windows Servers
Microsoft distributes Windows, PowerPoint patches
Patch Tuesday updates fix a trio of Windows 7 SP1 glitches
Microsoft Fixes Critical Windows Internet Name Service Flaw In Two-Patch Release
Microsoft fixes critical worm hole in Windows Server
Microsoft downplays Server bug threat, say researchers
Windows Update

Now get off your ass and do the Microsoft patch dance!

/so, until next time, stay updated, same patch day, same patch channel

Tuesday Fun With Microsoft

Give it up for Patch Tuesday, everyone’s favorite day of the month. Try and contain your excitement.

Microsoft Patch Tuesday Targets Four Bugs, One Critical

Microsoft on Tuesday issued three security bulletins that tackle four vulnerabilites. Just one of the vulnerabilities is rated critical. The other three are essentially the same bug, despite the fact that they affect three different products.

The first bug, MS11-015, describes two vulnerabilities in Windows Media. One, the only rated critical in this group, is a bug in Windows Media Center and Windows Media Player related to the handling of .dvr-ms files. It can lead to remote code execution in the context of user.

The other Windows Media bug, specifically in Microsoft DirectShow, is another instance of the insecure DLL loading bug that Microsoft and other vendors have been fixing for months. MS11-016 describes this bug in Microsoft Groove 2007 and MS11-017 describes it in the Windows Remote Desktop client.

Microsoft also released non-security updates today, including the monthly Windows Malicious Software Removal Tool, the update for the Windows Mail Junk E-mail Filter, and an update “to resolve issues” in Windows 7 and Windows Server 2008 R2.

See also:
Microsoft Security Bulletin Summary for March 2011
Microsoft Fixes Four Flaws
Microsoft patches critical Windows drive-by bug
Microsoft fixes critical Windows hole, others
Microsoft Patch Tuesday – three fixes for March, one critical, all ring coding alarms
Patch Tuesday: Gaping security hole in Windows Media Player
Critical Patch Tuesday Flaw Easy to Exploit
Go Plug Your Critical Hole
Microsoft Patch Tuesday leaves MHTML bug unchecked
Zero-day IE flaw not in Microsoft Patch Tuesday
Patch Tuesday Will Skip IE Before PWN2OWN Contest
March Patch Tuesday leaves IE unpatched for Pwn2Own hackers
Microsoft Releases Zero IE8 Security Updates Before “Pwn2Own” Browser Hacking Contest
Windows fix on Patch Tuesday ‘breaks’ VMware software
Microsoft Windows 7 Patches Wreak Havoc With VMware View
Windows 7 Update Breaks VMware Connection
Windows Update

As usual, Microsoft releases a patch that doesn’t even fix all the known issues and doesn’t play well with third party software. Particularly amusing is the fact that Microsoft is waiting to issue further patches until after a hacker contest is over fearing, with good reason, that the hackers will find even more Windows vulnerabilities.

/Microsoft Windows and Swiss cheese, what’s the difference?

Do You Know What Day Is It?

You know damn well what day it is, it’s Microsoft Patch Tuesday!

Microsoft Plugs 22 Security Vulnerabilities on Patch Tuesday

Microsoft plugged 22 security holes today in the second Patch Tuesday of the year.

The fixes are included in 12 security bulletins spanning Windows, Internet Explorer, Microsoft Office and IIS. Three of the bulletins are rated “critical” while the other nine are considered “important.”

Within the critical bulletins are fixes for a bug in the Windows Graphics Rendering Engine Microsoft warned users about in January, as well as a vulnerability in IE (Internet Explorer) resulting from the creation of uninitialized memory during a CSS (cascading style sheet) function within IE. The company issued the advisory for the IE flaw in December, and has seen limited, targeted attacks focused on the vulnerability.

See also:
Microsoft Security Bulletin Summary for February 2011
Microsoft patches Windows, IE
Microsoft Fixes 22 Security Holes – 6 Critical
Microsoft’s Patch Tuesday: 6 Critical Fixes
Microsoft Patch Tuesday Swats 22 Bugs, Misses MHTML Flaw
How to Prioritize Microsoft Patch Tuesday
Bug bounty program reveals 22 unpatched flaws, 5 in Office
Microsoft delivers ‘big month’ of patches, quashes 22 bugs
February Microsoft Patch Targets 20-Plus Security Flaws
Microsoft patches critical flaws in IE, Windows Shell Graphics
Microsoft addresses 22 vulnerabilities in monthly patch release
Microsoft finally says adios to Autorun
Microsoft Update Trims USB AutoRun For Security
Windows Update

Who Nellie, that’s a whole lot of patch! And, as usual, it doesn’t even correct all the problems with the software.

/so, until next time, happy patching!

New Year, More Patches

Same as it ever was, what fun would Tuesdays be without Microsoft issuing software patches?

Microsoft Fixes Windows Security Vulnerabilities in Light Patch Tuesday

Microsoft issued two security bulletins to fix three Windows vulnerabilities, getting Patch Tuesday off to a slow start in 2011.

Only one of the bulletins is rated “critical.” That bulletin, MS11-002, covers two vulnerabilities affecting Microsoft Data Access Components. The first of the bugs exists in the way MDAC (Microsoft Data Access Components) validates third-party API usage. The second is due to the way MDAC validates memory allocation. According to Microsoft, both vulnerabilities could be exploited via a specially crafted Web page to allow an attacker to remotely execute code.

See also:
Microsoft Security Bulletin Summary for January 2011
It’s Microsoft Patch Tuesday: January 2011
Microsoft Patches 3 Windows Vulnerabilities
Microsoft patches critical Windows drive-by bug
Patch Tuesday: Microsoft plugs ‘drive-by download’ security holes
Microsoft’s January Patch Tuesday: 3 fixes but 5 holes unpatched
Two bulletins from Microsoft on its first Patch Tuesday of 2011 but Internet Explorer zero-day remains uncovered
Microsoft ‘Patch Tuesday’ Doesn’t Address Problem
Microsoft Patch Tuesday Update – 11th January 2011
Microsoft Patch Tuesday Hits One Critical Bug
Windows Update

And, once again, Microsoft patches some holes but leaves others uncovered.

/so, I guess we’ll be doing this again in the near future

Microsoft Sets A New Record

It’s the biggest Patch Tuesday ever!

Microsoft Again Sets Record With Massive Patch

For the third time this year, Microsoft has issued a record-setting security patch.

The company’s December Bulletin Release includes 17 security bulletins addressing 40 vulnerabilities in Microsoft Office, Windows, Internet Explorer, SharePoint Server and Exchange.

Jeff Prince, CTO of ConSentry sees NAS as evolving technology that won’t just be about initial host assessment. It was only in October that Microsoft set the record it just broke, with 16 security bulletins. There were however fewer individual vulnerabilities this month than in October (49). And it was two months earlier, in August, that the company had set its previous record, with 14 bulletins to address 34 vulnerabilities.

The huge October patch was supposed to front-load the task of patching so that IT administrators had a lighter schedule over the holidays. So much for that idea.

At least the December crop of bulletins brings only two “critical” ones. Fourteen are rated “important” and one is rated “moderate.”

The two critical bulletins, MS10-090 and MS10-091, addressing vulnerabilities in Internet Explorer and Windows respectively, should be deployed first, according to Microsoft.

See also:
It’s Microsoft Patch Tuesday: December 2010
Microsoft Security Bulletin Summary for December 2010
Microsoft Closes a Record-Patch Year with 17 for December
Windows Security Updates: Microsoft Critical Security Patches
Microsoft Fixes 40 Vulnerabilities in Final Patch Tuesday for 2010
Microsoft’s holiday bonus: Fixes for 40 flaws
Microsoft Fixes Dozens of Vulnerabilities in Big Update
Record Patch Tuesday: What You Need to Know
Microsoft Fixes 40 Flaws With Record Patch Tuesday Release
Microsoft Patch Tuesday: The bottom line
Microsoft fixes bugs in Windows, Internet Explorer
Windows Update

You better watch out! Better not cry! Better not pout! I’m telling you why, Patch Tuesday is comin’ to town.

/Merry Christmas, don’t forget to unwrap your shiny new present from Microsoft!

Just Another Jumbo Sized, Incomplete Microsoft Patch Tuesday

Microsoft should just hire some of these hackers to code their software in the first place so they wouldn’t have to try and fix it every few weeks. It’d be cheaper and less of a hassle for everyone involved. Here’s the latest futile attempt at patching Windows.

Microsoft Patch Tuesday Bulletins Fix 11 Vulnerabilities

Microsoft has released nine security bulletins as part of its Patch Tuesday software update scheme.

The nine bulletins fix 11 security vulnerabilities found on Microsoft software.

According to the advisory, four security bulletins were marked as critical, out which, MS10-061 and MS10-062 ran the greatest risk of being exploited in the wild.

MS10-061 addressed a vulnerability in the Printer Spooler service, which could allow remote code execution from a malicious print request, tech news site eWeek reports.

The other critical vulnerability most likely to be exploited in the wild, MS10-062, could allow remote code execution by exploiting a vulnerability found in the way in which MPEG-4 codec dealt with media files.

See also:
Microsoft Security Bulletin Summary for September 2010
Microsoft Patch Tuesday for September 2010: nine bulletins
It’s Microsoft Patch Tuesday: September 2010
Large Patch Tuesday from Microsoft this month
Microsoft Patch Tuesday includes protection against Stuxnet worm
Patch Tuesday Fixes Another Stuxnet Vulnerability
Microsoft overlooks four Stuxnet zero-day bugs in Patch Tuesday
Microsoft Patch Tuesday halts two live attacks but offers no help for others
Microsoft Windows Update

Well, what are you waiting for? Get on with it, those updates aren’t going to install themselves!

/so, until the next Patch Tuesday . . .

It’s A Record Patchapalooza Tuesday!

Does Microsoft Windows suck? Um, why do you ask?

Microsoft drops record 14 bulletins in largest-ever Patch Tuesday

It’s a very busy Patch Tuesday for Windows users: 14 bulletins covering 34 serious security vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.

As previously reported, eight of the bulletins are rated “critical” because of the risk of remote code execution attacks. The other six are rated “important.”

The company also released a security advisory to warn of a new elevation of privilege issue in the Windows Service Isolation feature.

Windows users are urged to pay special attention to these four bulletins:

MS10-052 resolves a privately reported vulnerability in Microsoft’s MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

MS10-055 resolves a privately reported vulnerability in the Cinepak codec that could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

MS10-056 resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.

MS10-060 resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.

As Computerworld’s Gregg Keizer points out, the August update was the biggest ever by number of security bulletins, and equaled the single-month record for individual patches.

See also:
Microsoft Security Bulletin Summary for August 2010
MS10-052
MS10-055
MS10-056
MS10-060
Windows Update Home
Record Patch Tuesday yields critical Windows, IE fixes
Record Patch Tuesday: Where to Begin
It’s Microsoft Patch Tuesday: August 2010
Microsoft: Big Patch Tuesday for IT Administrators
Microsoft releases record number of security patches
Microsoft issues patches for a record 35 fresh security holes
Microsoft Issues Biggest Security Patch Yet

What the hell is Bill Gates selling anyway, a computer operating system or Swiss cheese?

/you’d better get busy downloading, this one takes a while, sucks if you have dial up

If It’s Tuesday, It Must Be Microsoft Patch Day

Pack a lunch, it’s massive.

Patch Tuesday Updates Fix Critical Flaws in IE and DirectShow

Microsoft’s Patch Tuesday for June 2010 is here. Microsoft released a total of 10 new security bulletins, addressing 34 separate vulnerabilities, including critical flaws in DirectShow and the Internet Explorer Web browser. Let’s turn to some industry experts and security professionals for additional insight on the Microsoft security bulletins, and perspective on how to prioritize and protect against the potential threats.

Seven of the security bulletins are rated as Important, while the remaining three are Critical. The Critical security bulletins include MS10-033 for DirectShow, and MS10-035 which addresses six different vulnerabilities in Internet Explorer.

Joshua Talbot, security intelligence manager for Symantec Security Response, points out that “This is the largest Microsoft patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year. This month’s release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together.”

See also:
Microsoft plugs critical holes in huge Patch Tuesday
Microsoft emphasizes three critical updates on patch-heavy Tuesday
Microsoft Issues Critical IE Fix In 10-Patch Update
Microsoft issues 10 patches as part of June update
Microsoft: 10 security bulletins, 34 vulnerabilities for Patch Tuesday
Microsoft patches IE8’s Pwn2Own bug in massive update
Microsoft finally fixes Pwn2Own browser flaw
Windows Update

The update takes a while to download and install, but several of the patches are critical.

/so, you know what you need to do, get in their and protect your computer from the evil doers