State of Enterprise Security Still Shaky Says New Survey

Today, we’re announcing the results of a survey recently commissioned on the state of enterprise security. Conducted by Ultimate Windows Security, the report provides visibility into the uses, concerns and challenges that IT departments face in respect to endpoint security, patching, cloud applications and mobile management.

We polled nearly 700 IT professionals working at enterprise (1,000+ employees),

> Read More

2015 On Record Pace with Release of September Patch Tuesday

In today’s Patch Tuesday, Microsoft released 12 security bulletins, five of which are critical. With this month’s patch load, we can count 105 updates
released so far this year which is only one update short of the total number of bulletins released back in 2013. We have already far-exceeded last year’s
total of 85.

> Read More

Patch Tuesday Still Alive and Well – And Offering Something for Everyone

Despite the launch of Windows 10 and all the talk about mandatory updates, today is still Patch Tuesday. And this month, everyone should pay attention. Microsoft shared a vulnerability smorgasbord today – offering a little something for everyone. From office and browser applications to desktops and servers, Microsoft covered them all with 14 bulletins.

> Read More

ICYMI – Emergency patch has silver lining for Microsoft

Last week, Microsoft issued an emergency patch in response to a critical flaw discovered by Google’s Project Zero and FireEye. While critical flaws rarely have a silver lining, there’s a big one for Microsoft here. An emergency patch just a week after July’s Patch Tuesday is the perfect outlier for Windows Update for Business (WUB) and 24/7 patching,

> Read More

Adobe Overshadows Last Microsoft Patch Tuesday

In the last Patch Tuesday before users may upgrade their Windows operating systems to Windows 10 on July 29 and subsequently enlist a changed patching process, we have 14 updates to deal with from Microsoft that address 59 total vulnerabilities. Equally as important however are the three 0-days in Adobe Flash Player and an impending 193 new fixes from Oracle,

> Read More

Time to Patch … Tuesday for June

This June Patch Tuesday we have a slightly smaller patch load from Microsoft, taking us back to more historic average releases of 8 bulletins. We have just 2 critical patches to deal with and 6 important. While this is good news for those that have their sights set on some summer vacation, this release also makes us wonder how many more of these Patch Tuesday cycles will we have?

> Read More

Nope, Patch Tuesday Has Not Gone Away; It’s a Monster May

Rumors of the demise of Patch Tuesday have been squelched for now, with today’s release of 13 security bulletins from Microsoft. It’s May Patch Tuesday and while last week’s announcement of Windows Update for Business (WUB) makes it clear as mud whether or not Microsoft will in fact continue to provide monthly security patches for the enterprise as they have since 2003 on the second Tuesday of every month,

> Read More

Patching Haste Makes Waste

Sometimes it’s better if software patches don’t come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy.

Some PowerPoint users, for instance, found that a fix designed to make PowerPoint 2013 more stable was actually causing more problems than it aimed to solve –

> Read More

Patch Management with Microsoft System Center

Compliance and patch management is important, even for Linux and UNIX computers. Starting with System Center 2012 SP1, you can deploy and update software on Linux and UNIX servers using Configuration Manager, but how do Configuration Manager features translate into compliance and patch management? This session explores several solutions to patching Linux/UNIX servers, taking a deep look at the capabilities that are built into System Center,

> Read More

Isn’t It Time Oracle Gave Us Monthly Security Updates for Java?

In some ways, it could be argued that Java is an incredible success.

I’m serious. Stop laughing at the back.

You see, according to Oracle, Java’s developer, the product is used on over 3 billion different devices worldwide. That *is* impressive.

But, for those of us concerned with securing systems and keeping computer data safe,

> Read More

Nothing Pretty About Fireworks Delivered From Microsoft This Patch Tuesday

IT admins may have taken the Fourth off to enjoy some fireworks, but they’ll be very busy this week patching their systems. It’s not a pretty Patch Tuesday this month with 7 bulletins, 6 of which are critical. That brings our total of critical bulletins for the year to 22, which is fairly high, considering Microsoft released only 34 critical bulletins for the entire calendar year of 2012.

> Read More

Much Ado About Java

So, have you seen the latest about Java? Seems most organizations are still running (really) old versions. And even the current version has what is technically known as a shit-ton of zero-day vulnerabilities. And so Oracle is changing their vulnerability numbering system to accommodate all of them, in addition to taking other steps surrounding Java security.

> Read More

Growing Threat From Vendors’ Friendly Fire

After we learned that Flame exploited Microsoft’s Auto Update infrastructure, I pointed out that if attackers were able to compromise Microsoft, a leader in patch management, it couldn’t be long before bad guys exploited the update infrastructures of other vendors who are far behind Microsoft – like Adobe…  And that’s exactly what happened a couple weeks ago.

> Read More

DNSChanger Trojan: Not All Doom and Gloom

If your server(s) have been infected by the DNSChanger Trojan and you’ve not done anything about it, time is running out. You have until July 9, 2012 to get your systems fixed, or you’ll lose internet access until you do.

This insidious little Trojan – variously known as TDSS, Alureon,

> Read More