As modern civilization continues to advance, fuelled in many ways by innovations in digital technology, all types of businesses and government organizations are becoming increasingly dependant on the IT infrastructure powered by Windows Servers.
It’s that glorious time of the month, time for all Windows sysadmins to apply the latest fixes delivered by Microsoft.
This month’s delivery includes 14 fixes with 4 of them rated Critical and the rest rated Important. In the Critical category we find fixes for remote code execution flaws that affect Windows, Office, the .NET Framework and more. Interestingly, in the first Patch Tuesday since Windows 10 was released, we find critical fixes for Microsoft’s new Edge browser too.
The remainder of the fixes address various privilege escalation and information exposure problems.
For the complete list of fixes see the Microsoft Security Bulletin Summary for August 2015.
It’s Patch Tuesday again and time for all Windows sysadmins to apply the latest set of fixes from Microsoft.
This month’s delivery includes a total of 14 patches with 4 of them listed as critical.
One of the fixed flaws is flaws is a perfect example of why all system administrators need security on multiple levels.
This month’s Patch Tuesday fell on the 14th this month and Microsoft delivered 11 patches with four of them rated critical. The first critical fix addresses multiple issues in Internet Explorer.
This month’s Patch Tuesday fell on the 12th of April and Microsoft delivered 13 patches with three of them rated critical. As usual there was a Cumulative Security Update for Internet Explorer which fixed multiple Critical issues. These days it takes less and less time for exploits to appear in the wild so if your organization still supports IE as a browser you’ll want to patch your servers and workstations as soon as possible.
It’s Patch Tuesday again for all Windows sysadmins and this month’s delivery includes more fixes than usual.
Microsoft’s security bulletin lists 14 individual fixes including a fix for the recently discovered “FREAK” vulnerability. Of the fourteen fixes, 5 of them are rated Critical and the rest are Important.
Also included are fixes for issues in Internet Explorer, the VBScript scripting engine, a flaw in an Adobe font driver bundled with Windows, and issues in Microsoft Office. All of these could result in a remote code exploit so it’s vital that Windows-based systems are patched as soon as possible.
New Security Internet Security Flaw Discovered
The list of flaws in trusted security algorithms has grown again with the recent announcement of the “FREAK” (Factoring Attack on RSA-EXPORT Keys) vulnerability also known as CVE-2015-0204.
First reports confirmed that many OpenSSL implementations contained the flaw and today Microsoft issued Security Advisory 3046015 confirming that all versions of Windows are vulnerable.
Where Did The Freak Vulnerability (CVE2015-0204) Come From?
The details of the vulnerability are alarming and largely due to flawed federal policies on encryption dating back to the 1990s. Around that time products like PGP (Pretty Good Privacy) were starting to see wider distribution and the U.S. officials responded by passing laws to control the export of any product that included high grade encryption. It was a futile effort and the battle was eventually won by crusaders such as Phil Zimmerman.
Some would even say there is a darker side to government efforts on the control and distribution of encryption technology:
January 2015 – 1 Critical and 7 Important Fixes
The first Patch Tuesday for 2015 has been released and Windows sysadmins will be busy updating as usual.
This release includes 8 fixes with 1 listed as Critical and 7 more listed as Important. It’s always vital to make sure your systems are fully patched but Windows admins may feel some comfort knowing that the only critical issue is one that affects the Windows Telnet Service.
The internet has been around for more than half a century, going back to the 1960s when the US Department of Defense first awarded contracts for packet network systems. With each passing decade, we saw a greater proliferation of the net into more areas of our lives, transforming our world into a global, knowledge-based civilization; however, one of the big problems with today’s internet technology is the abundance of security bugs, lingering from out-of-date nodes in the net.