Risk of 'Destructive Cyber Attacks' Prompts Microsoft to Update XP Again

Fearing destructive attacks precipitated by the availability of the nation-state exploits in the wild that spawned the WannaCry outbreak, Microsoft today announced that its Patch Tuesday updates would include fixes for older versions of Windows, including XP. The move is unusual and mimics a...

Adobe Fixes 21 Critical Vulnerabilities with June Patch Tuesday Update

Adobe fixed 21 vulnerabilities across four products today, releasing patches for Flash, Shockwave Player, Captivate, and Adobe Digital Editions. Most of the vulnerabilities, 15 of the 21, are marked critical by the company because they could lead to code execution. The updates came in the form of...

InsightVM/Nexpose Patch Tuesday Reporting

Many of our customers wish to report specifically on Microsoft patch related vulnerabilities. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these. Remediation Projects...

Microsoft's New Security Update Guides Get Mixed Reviews

Microsoft is receiving mixed reviews for its shift to delivering security update information via its newly launched Security Update Guides. The change was official in April, with Microsoft explaining it would allow system administrators to effectively pair specific patches with vulnerabilities, a...

Patch Tuesday - May 2017

It's a relatively light month as far as Patch Tuesdays go, with Microsoft issuing fixes for a total of seven vulnerabilities as part of their standard update program. However, an eighth, highly critical vulnerability CVE-2017-0290 that had some of the security community buzzing over the weekend w...

Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually released an emergency update on Monday just hours ahead of today's regularly scheduled "Patch Tuesday" the 2nd Tuesday of each month to fix a dangerous flaw present in most...

Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1

Hours before today’s Patch Tuesday release on the eve of May 8, Microsoft released an emergency updated to fix a vulnerability in their Malware Protection Engine. This critical vulnerability allows an attacker to take complete control of the victim's machine by just sending an e-mail attachment...

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made. The mystery Windows zero day CVE-2017-0290 was in the Microsoft Malware...

Wormable Windows Zero Day Reported to Microsoft

Google Project Zero researcher Tavis Ormandy has a long legacy of finding unknown, critical software vulnerabilities to his credit. So when he calls a new bug the worst in recent memory, it’s likely not hyperbole. On Saturday, Ormandy tweeted that he and colleague Natalie Silvanovich has found a...

Recently being a hot Word 0day vulnerability has been used for malware spreading and the country attack-vulnerability warning-the black bar safety net

Recently Microsoft Word 0day vulnerabilities is very hot, this month's Patch Tuesday, Microsoft also finally released for the CVE-2017-0199 vulnerability patch, and the previously reported difference is that this vulnerability also affects Microsoft's own WordPad. According to security firm FireE...

Patch Tuesday - April 2017

This month's updates deliver vital client-side fixes, resolving publicly disclosed remote code execution RCE vulnerabilities for Internet Explorer and Microsoft Office that attackers are already exploiting in the wild. In particular, they've patched the CVE-2017-0199 zero-day flaw in Office and...

April 2017 Patch Tuesday Video Highlights

Microsoft Fixes 45 Vulnerabilities with new Security Update Guide and says goodbye to Security Bulletins. Adobe Fixes Flash, PDF reader and Photoshop...

On Pwn2Own, Patch Tuesday, and SAP Bugs

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug. Download: ThreatpostNewsWrapMarch172017.mp3 Music by Chris Gonsalves...

Patch Tuesday Returns; Microsoft Quiet on Postponement

Patch Tuesday returned today as expected after last month’s postponement with a giant release of fixes that includes patches for vulnerabilities disclosed and exploited since the last set of updates in January. Microsoft, however, was relatively silent on the reasons why the February updates were...

Adobe Fixes Six Code Execution Bugs in Flash

Adobe on Tuesday patched seven vulnerabilities in Flash Player, six that could lead to code execution. The company said it isn’t aware of any of the vulnerabilities being exploited in the wild but is still encouraging users to update Flash for Windows, Macintosh, Linux and Chrome OS. The...

Unpatched SMB Zero Day Easily Exploitable

In what’s turning out to be the zero day that keeps on giving, researchers are still finding ways to exploit an unpatched denial of service vulnerability that exists in the way Windows implements the Server Message Block protocol. Details around the bug aren’t a mystery. Laurent Gaffié, the...

Google Discloses Another 'High Severity' Microsoft Bug

Google Project Zero disclosed Monday a “high severity” vulnerability it found in Microsoft’s Edge and Internet Explorer browsers that could allow remote attackers to execute arbitrary code. The revelation adds yet another vulnerability to a growing list of known bugs Microsoft has been warned...

Publicly Disclosed Windows Vulnerabilities Await Patches

As a consequence of skipping its February Patch Tuesday release, Microsoft is leaving two publicly disclosed vulnerabilities unpatched with proof-of-concept exploits available for both. That raises the stakes exponentially on possible attacks, said Tod Beardsley, senior research director at Rapid...

Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched

Microsoft on Tuesday released security update KB 4010250 to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched. Just last week, Microsoft announced that its February...

Microsoft Waits for Patch Tuesday to Fix SMB Zero Day

Microsoft will not rush out an emergency patch for a zero-day vulnerability disclosed on Wednesday in the Windows implementation of the Server Message Block protocol. Researcher Laurent Gaffie announced in a tweet, below, that he’d found a zero-day vulnerability in SMBv3 and released a...