Miles Associates LLC

Jim Miles – IT & IT Security Consultant – Web Sites for Growing Organizations

Tag Archives: Patch Tuesday

May 2011 Patch Tuesday Security Bulletins | eEye Digital Security

This month, Microsoft released 2 patches which repair a total of 3 vulnerabilities. Both of these patches address Remote Code Execution vulnerabilities.

via Patch Tuesday Security Bulletins | eEye Digital Security.

Out-of-band patch: MS warns of hack attempt on major sites

Microsoft issued a warning today that nine fraudulent digital certificates were issued by root certificate authority, Comodo Group. Although the certificates were quickly revoked, their initial release still poses a threat to browser users, including users of Internet Explorer. This is not a security flaw in Microsoft software, the company says, but it released a security update for Windows all the same.

The nine fake certificates affect the following Web sites, Microsoft says:

  • login.live.com (Windows Live)
  • mail.google.com
  • www.google.com
  • login.yahoo.com (3 certificates)
  • login.skype.com
  • addons.mozilla.org
  • “Global Trustee”

Fraudulent certificates give hackers the ability to spoof content, phish, or insert themselves in man-in-the-middle attacks, collecting information that users think is being sent over a secure link from browser to Web site.

via Network World.

eEye’s analysis of February’s Patch Tuesday

This month, Microsoft released 12 patches which repair a total of 22 vulnerabilities. 5 of these patches address Remote Code Execution vulnerabilities, 5 address Elevation of Privilege, 1 addresses Denial of Service, and 1 addresses Information Disclosure.

via eEye Digital Security.

eEye’s analysis of January’s Patch Tuesday

eEye’s Patch Tuesday analysis

This month, Microsoft released 17 patches which repair a total of 40 vulnerabilities. Of these 17 patches, 10 address Remote Code Execution vulnerabilities, 4 address Elevation of Privilege vulnerabilities, and 3 address Denial of Service.

Patch Precedence

eEye advises administrators to patch MS10-090 and MS10-091, followed by MS10-092, MS10-093, MS10-094, MS10-095, MS10-096, MS10-097, MS10-098, MS10-099, MS10-100, MS10-101, MS10-102, MS10-103, MS10-104, and MS10-105, and then patch MS10-106.

via eEye Digital Security.

Microsoft ends record security year with huge Patch Tuesday

Microsoft’s security team broke all sorts of records for issuing patches this year, and 2010’s final Patch Tuesday was the biggest one of all.

“Microsoft is ending this year on a high note, with their highest number of bulletins ever,” nCircle director of security operations Andrew Storms notes. “With a record 17 bulletins … we are getting a huge number of individual bug fixes.”

via Microsoft ends record security year with huge Patch Tuesday.

eEye’s August Patch Analysis

This month, Microsoft released 15 patches which repair a total of 35 vulnerabilities. Of these 15 patches, 11 address Remote Code Execution vulnerabilities and 4 address Elevation of Privilege vulnerabilities.

Patch Precedence

  • Administrators are advised to patch MS10-054, MS10-053, and MS10-056 immediately to prevent exploitation by attackers.
  • Next, administrators should patch MS10-049, 050, 051, 052, 055, 057, and 060 as soon as possible.
  • Lastly, administrators should patch MS10-047, 048, 058 and 059 at their earliest convenience.

As always, eEye suggests that all users apply Microsoft patches as fast as possible…

via eEye Digital Security.

“Massive Patch Tuesday” scheduled

Microsoft today said it will deliver a record 14 security updates next week to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer (IE), Office and Silverlight.

via http://www.networkworld.com/news/2010/080510-microsoft-slates-record-setting-monster-patch.html.

Out-of-band MS Patch!

Today, Microsoft released a special out-of-band patch which repairs a single Remote Code Execution vulnerability in how Windows Shell processes .lnk files.

As always, eEye suggests that all users apply Out of Band Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity.

via eEye Digital Security.

Microsoft plans gigantic Patch Tuesday next week

Slates record-tying 34 patches for Windows, IE, Office and SharePoint

The patches will also quash two bugs that Microsoft acknowledged in February and April.

“I’d actually call this a moderate month,” said Andrew Storms, director of security operations at nCircle Security. “Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn’t look like a huge month to me.”

By the numbers, however, next week’s updates will be huge. Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.

via networkworld.com.