It’s the time of year where back to school is on the minds of many. As your brain shifts out of summer vacation mode, remember the cardinal rule of security and put it into practice: don’t provide administrative access to anyone who doesn’t absolutely have to have it. Users should ALWAYS have the least privilege they need for their jobs.
A little bit of good news on the patch front this month. Microsoft issued 11 updates today, 6 of which are critical, but none of the 40 unique vulnerabilities are under active attack. The software maker is using what is likely a brief reprieve to clean up old code so if you’re using Vista,
Don’t take off on that summer vacation just yet – Microsoft released another 16 security bulletins in today’s June Patch Tuesday and 5 of those are rated critical. While there are quite a few updates to be made, both on the client and server side, across a broad range of legacy and current code, the good news is none of them are under active exploit.
Microsoft released 16 bulletins for May Patch Tuesday today – 8 of which are critical. It’s a big month overall with more than 30 CVEs addressed in total. There are also two zero days included that demand your quick attention.
If your users still use Internet Explorer, make sure MS16-051 gets applied right away.
Microsoft released 13 bulletins for April Patch Tuesday today; 6 of which are rated critical. Thirty vulnerabilities have been addressed in total and the software impacted is widespread. Perhaps most importantly, there are also zero-days in the mix. To avoid compromise, IT should get these updates made quickly.
First on your list of priorities this month should be the security update for Adobe Flash.
If you thought February would be a light update month given January Patch Tuesday’s patch load of nine updates including end of support for the Windows 8 OS and all but the current version of IE, you thought wrong. Microsoft released a whopping 13 bulletins addressing 36 unique vulnerabilities in today’s February Patch Tuesday and 6 of them are considered critical.
Microsoft isn’t messing around with the first Patch Tuesday of 2016. Today’s release of 9 bulletins, 6 critical and 3 important, include the last available updates for the 2012 disaster that was Windows 8 – not 8.1 – and Internet Explorer versions 8, 9 and 10. The move is further evidence Microsoft is testing the waters for providing OS-as-a-service with shorter end of support cycles for anything other than the most current OS and browser versions.
In the final Patch Tuesday of 2015, Microsoft released 12 bulletins; 8 are critical and 4 are important. 8 out of the 8 critical bulletins and 2 out of the 4 important bulletins allow remote code execution, so this is a Patch Tuesday that should be taken very seriously. These 12 bulletins bring our total to 135 this year,
Today, on the November edition of Patch Tuesday, Microsoft issued 12 security updates addressing a total of 53 vulnerabilities. Four of them are rated critical and the remaining eight are important and the impacted software list is long. While last month’s patch load made 2015 the biggest patch year in recent memory, this month proves there is no slowing down.
This October Patch Tuesday, Microsoft published just six bulletins, three of which are critical but they do cover most commonly used versions of Office and Windows. Four of the six bulletins impact Windows 10 and will be rolled up into the Windows 10 cumulative update. Compared with months past, this is a light month which is good news.
In today’s Patch Tuesday, Microsoft released 12 security bulletins, five of which are critical. With this month’s patch load, we can count 105 updates released so far this year which is only one update short of the total number of bulletins released back in 2013. We have already far exceeded last year’s total of 85.
Despite the launch of Windows 10 and all the talk about mandatory updates, today is still Patch Tuesday. And this month, everyone should pay attention. Microsoft shared avulnerability smorgasbord today – offering a little something for everyone. From office and browser applications to desktops and servers, Microsoft covered them all with 14 bulletins.
As of August 1, ComputerWorld reported Windows 10 global usage had climbed to 2.5%. Not too shabby for the OS that was launched just three days earlier on July 29. Those numbers easily beat early adoption rates for Windows 8.1 but, I wonder how those users are faring? A quick read of headlines shows a lot of headaches ranging from overall privacy concerns to unwanted update files being delivered to networked machines still running Windows 7 or 8.1.
No sooner have you digested the latest Patch Tuesday releases than you’re hit by a relatively rare out-of-band patch from Microsoft. As Russ said in his post, it’s definitely a crazy month!
This emergency patch corrects a remote code execution (RCE) vulnerability found in all supported versions of Windows – including the soon-to-be released Windows 10.