Greg Lambert

IDG Contributor Network: An easy update for December Patch Tuesday

This is a relatively light update from Microsoft for this December Patch Tuesday, with “only” 32 reported vulnerabilities, none of which have been publicly reported or exploited in the wild. The primary concern this month is the updates to IE and Edge. Microsoft Office has a minor update that can wait for a scheduled patch effort. And lastly, yes, we still have updates for Adobe Flash Player – but it’s not a critical update, as Adobe has given it a Priority 2 rating.

Following the advice from Microsoft for this December update release bulletin, please note the following additional items:

  • Starting in March 2017, there will be Windows 10 1607, 1703, and 1709 delta packages that contain just the delta changes between the previous month and the current release.
  • After May 9, 2017, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions.

More information on these Microsoft patching changes can be found here:


IDG Contributor Network: Critical updates for Microsoft Office for October Patch Tuesday

This is an unusual October Patch Tuesday release from Microsoft. Normally, we would see a number of urgent critical updates from Microsoft for severe, massively damaging exploits in either Adobe Flash Player or several less severe but still urgent issues in both of Microsoft’s browsers. This month is different. No Adobe Flash Player updates. I repeat, no Flash updates. And no urgent browser updates, either.

For this October Patch Tuesday, Microsoft Office has the highest, most serious rating with a publicly reported and already exploited vulnerability in the Word automation component. In addition, Microsoft has released a number of security advisories for Windows 10. The most serious (ADV170012) relates to “a security vulnerability [which] exists in certain Trusted Platform Module (TPM) chipsets.” With a relatively high CVSS score of 7.3, this firmware update requires some attention. You can also find a helpful infographic from Chris Goettl’s blog here.


IDG Contributor Network: September Patch Tuesday brings critical updates for Windows, Edge and .NET

September brings a relatively large patch profile for Microsoft with 76 reported vulnerabilities, three public disclosures (thank you, Google) and unfortunately one zero-day exploit. You used to be worried about browsers and Flash; now we have a publicly exploited vulnerability for augmented reality (AR) with a fix for Microsoft’s HoloLens headset.

For this September Patch Tuesday, Microsoft is only shipping security updates with patches to the following product groups:


IDG Contributor Network: Critical updates to Windows 10, XP and Vista for June Patch Tuesday

This June Microsoft Patch Tuesday is pretty unique. Excluding the fact that Microsoft is attempting to address a record 94 vulnerabilities, we are seeing Microsoft provide security updates for several operating systems that are no longer supported, including Windows XP and Vista. In addition, Microsoft has moved from its usual approach of mentioning a few select security issues with its Security Advisories notes. This month, we saw Microsoft issue a large number of high-priority issues and the incredible statement, “Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures.” Now is not the time to be relaxed about patching your environment. In addition, Microsoft is attempting to address two serious remote code execution vulnerabilities (CVE-2017-8543 and CVE-2017-8464) that have been reported as exploited in the wild. Although Microsoft no longer uses the update bulletins methodology, the following product families will receive updates this month:


IDG Contributor Network: May Patch Tuesday delivers fixes for critical Windows 10 exploits

For this May Microsoft Patch Tuesday, we see Microsoft attempt to resolve 56 reported vulnerabilities in Microsoft Office, Windows, both browsers and the .NET development platform.

Three of the vulnerabilities have been reported publicly and several have been actively exploited. Adding to an already serious situation, Microsoft’s anti-malware tool was compromised, resulting in the inadvertent deployment of malware through the anti-malware engine.

Microsoft responded very quickly with an out-of-band update (Security Advisory 4022344). Though there was general relief and kudos to Microsoft for their rapid response to this embarrassing episode, this bug was described as the “worst in recent memory” and as “crazy bad” by two of the lead researchers from Google’s Project Zero.
