December 2013 Microsoft Patch Tuesday Security Updates

One zero-day down, one to go. As expected, Microsoft did today patch a zero-day in its GDI+ graphics component MS13-096 reported more than a month ago after exploits were spotted in the wild. The fix was one of 11 security bulletins—five critical—released as part of the December 2013 Patch Tuesda...

TIFF Zero Day Patch Among December 2013 Microsoft updates

Microsoft will, next week, patch a zero-day vulnerability in its GDI+ graphics component being exploited in targeted attacks in the Middle East and Asia. The zero day has sat unpatched since it was made public Nov. 5; Microsoft did release a FixIt tool as a temporary mitigation. The patch is one ...

Zero Day Fixed in Microsoft November 2013 Patch Tuesday

Microsoft today issued eight bulletins addressing 19 separate vulnerabilities in its Windows operating system, Internet Explorer Web browser, Office, and other products. Microsoft gave three of the bulletins its highest “critical” rating, while the remaining five received the second-most-severe...

IE Zero Day Patch Already in November Patch Tuesday Updates

Microsoft announced this afternoon that the zero-day vulnerability being exploited in a watering hole attack against an unnamed U.S.-based NGO website was already scheduled to be patched in a cumulative Internet Explorer update tomorrow. The zero-day was reported publicly on Friday by FireEye...

October Patch Tuesday Fixes Critical IE Bugs, 28 Vulnerabilities

As expected, Microsoft began shipping its latest batch of Patch Tuesday patches earlier this afternoon. However, while it was heavily presumed the update would fix at least one Internet Explorer zero day, the update actually fixes two critical vulnerabilities in the browser. Eight bulletins — fou...

Microsoft Patch Tuesday - 8 Security Updates, 4 critical vulnerabilities, including Internet Explorer zero-day

October is turning out to be a busy month for patches. This month also marks the 10-year anniversary of the Patch Tuesday program, which Microsoft started in October of 2003. Scheduled for tomorrow, Microsoft has announced that they will release eight security updates including four critical,...

Microsoft Readies Eight Patches, IE Zero Day Fix

Microsoft has announced that it plans to release eight patches next week as part of its October Patch Tuesday release, addressing flaws in its Windows, the .NET Framework, Office, Server, Silverlight and most importantly its Internet Explorer browser. Four of the patches are marked critical,...

Adobe Prepping October Patches for Reader, Acrobat

Adobe has announced that it plans to patch critical vulnerabilities in two products, Adobe Reader and Acrobat XI 11.0.04 for Windows, next week as part of its monthly Patch Tuesday updates. Adobe posted about the impending updates yesterday on its Product Security Incident Response Team PSIRT blo...

A Decade of Microsoft Patch Tuesday Security Updates

On Oct. 9, 2003, Microsoft announced its new security patching process that would end up being a catalyst for significant change in the information security community. Ten years ago, the program was announced with a press release that promised “Improved patch management processes, policies and...

BlackBerry Patches Security Flaws in Z10, Q10, PlayBook

BlackBerry climbed aboard the Patch Tuesday bandwagon today with four advisories patching vulnerabilities in Adobe Flash, Webkit and libexif on the company’s mobile devices. Adrian Stone, director of BlackBerry’s security incident response and threat analysis, said the company is not aware of any...

September's Patch Tuesday updates to fix Critical flaws in Windows, IE and Office

This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Softwar...

September's Patch Tuesday updates to fix Critical flaws in Windows, IE and Office

This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Softwar...

Office, SharePoint Patches Await September Patch Tuesday

Today’s monthly advance notification of Microsoft’s upcoming security bulletin release on Tuesday includes a number of critical Office patches that have experts worried. Of particular concern are remote code execution vulnerabilities in Outlook 2007 and 2010 that can be exploited by merely...

Jumping Out of IE's Sandbox With One Click

Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release...

Faulty Microsoft Exchange Server 2013 Patch Pulled Back

Microsoft announced Wednesday afternoon that it has pulled MS13-061, one of the patches issued yesterday for vulnerabilities in Exchange Server 2013. Microsoft said the patch is causing issues with the content index for mailbox databases. Organizations would still be able to send and receive emai...

Microsoft Patch Tuesday to Fix Three Critical Remote Code Execution vulnerabilities

Yeah, it's Patch Tuesday once again. Almost 10 years ago in October, 2003 - Microsoft invented the process of regularly scheduled security updates on every second Tuesday of the Month, as Patch Tuesday. Today, the Microsoft Security team will issue eight security updates in total, out of that --...

Microsoft Patch Tuesday to Fix Three Critical Remote Code Execution vulnerabilities

Yeah, it’s Patch Tuesday once again. Almost 10 years ago in October, 2003 - Microsoft invented the process of regularly scheduled security updates on every second Tuesday of the Month, as Patch Tuesday. Today, the Microsoft Security team will issue eight security updates in total, out of that --...

August 2013 Microsoft Patch Tuesday Security Updates

Another month, another set of Microsoft Patch Tuesday security updates for Internet Explorer. For what seems to be the umpteenth month in a row, Microsoft will patch its browser, one of three critical updates expected to be shipped on Tuesday among eight bulletins. While IE patches remain a...

Microsoft Expands MAPP Program to Incident Response Teams

Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific...

Internet Explorer vulnerability exposed by Google Researcher used in targeted attacks

Google and Microsoft are at each other's throats again. In a recent statement, Microsoft says hackers have been actively exploiting a vulnerability that was publicly disclosed by a Google researcher, Tavis Ormandy. Microsoft addressed the vulnerability in its monthly "Patch Tuesday" package of...