6 min
Haxmas
HaXmas Review: A Year of Patch Tuesdays
Today’s installment of the 12 Days of HaXmas [/tag/haxmas] is about 2017’s 12
months of Patch Tuesdays [/tag/patch-tuesday/]. Never mind that there were only
eleven months this year, thanks to Microsoft canceling
[https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/]
most of February’s planned fixes. This coincided with when they’d planned to
[https://blogs.technet.microsoft.com/msrc/2016/11/08/furthering-our-commitment-to-security-updates/]
roll out their
2 min
Patch Tuesday
Patch Tuesday - December 2017
No big surprises from Microsoft this month
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/c383fa60-b852-e711-80dd-000d3a32f9b6]
, with 70% of the 34 vulnerabilities addressed being web browser defects. Most
of these are Critical Remote Code Execution (RCE) vulnerabilities, so
administrators should prioritize patching client workstations. It doesn't take
sophisticated social engineering tactics to convince most users to visit a
malicious web page, or a legitimate but
1 min
Patch Tuesday
Patch Tuesday - November 2017
Web browser issues account for two thirds of this month's patched
vulnerabilities
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99]
, with 24 CVEs for Edge and 12 for Internet Explorer being fixed. Many of these
are classified as Critical (allowing code execution without user interaction).
This is no surprise, as browser bugs are typically well represented on Patch
Tuesdays. On top of this are five Adobe Flash Player vulnerabilitie
2 min
Patch Tuesday
Patch Tuesday - October 2017
Patch Tuesday round-up for October 2017
1 min
Patch Tuesday
Patch Tuesday - September 2017
It's a big month, with Microsoft patching
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/5984735e-f651-e711-80dd-000d3a32fc99]
85 separate vulnerabilities including the two Adobe Flash Player Remote Code
Execution
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170013]
(RCE) fixes bundled with the Edge and Internet Explorer 11 updates. Continuing
recent trends, the bulk of Critical RCE vulnerabilities are client-side,
primarily in Edge, IE,
2 min
Microsoft
Patch Tuesday - June 2017
This month sees another spate of critical fixes
[https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99]
from Microsoft, including patches for a number of Remote Code Execution (RCE)
vulnerabilities. Two of these are already known to be exploited in the wild (
CVE-2017-8543
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543]
and CVE-2017-8464
[https://portal.msrc.microsoft.com/en-US/security-guidance/advis
2 min
Microsoft
Patch Tuesday - May 2017
It's a relatively light month as far as Patch Tuesdays go, with Microsoft
issuing fixes for a total of seven vulnerabilities as part of their standard
update program. However, an eighth, highly critical vulnerability (CVE-2017-0290
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290]
) that had some of the security community buzzing over the weekend was also
addressed [https://technet.microsoft.com/en-us/library/security/4022344] late
Monday evening. A flaw in the
5 min
Microsoft
Actionable Vulnerability Remediation Projects in InsightVM
Security practitioners and the remediating teams they collaborate with are
increasingly asked to do more with less. They simply cannot remediate
everything; it has never been more important to prioritize and drive
remediations from start to finish.
The Remediation Workflow capability in InsightVM
[https://www.rapid7.com/products/insightvm/] was designed to drive more
effective remediation efforts by allowing users to project manage efforts both
large and small. Remediation Workflow is designed
1 min
Microsoft
Patch Tuesday - April 2017
This month's updates deliver vital client-side fixes, resolving publicly
disclosed remote code execution (RCE) vulnerabilities for Internet Explorer and
Microsoft Office that attackers are already exploiting in the wild. In
particular, they've patched the CVE-2017-0199
[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199]
zero-day flaw in Office and WordPad, which could allow an attacker to run
arbitrary code on a victim's system if they are able to successfully soc
0 min
Microsoft
February 2017 Patch Tuesday: Delayed
Earlier today Microsoft announced
[https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/]
that they will be delaying this month's security updates due to finding a
last-minute issue that could "impact some customers." This may be due to a
glitch in their new process
[/2017/02/06/a-reminder-about-upcoming-microsoft-vulnerability-content-changes]
that they were not able to iron out in time for today's planned release.
We will be keeping an eye out for any up
3 min
Nexpose
Patch Tuesday, November 2016
November [https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx]
continues a long running trend with Microsoft's products where the majority of
bulletins (7) address remote code execution (RCE), closely followed by elevation
of privilege (6) and security feature bypass (1). All of this month's critical
bulletins are remote code execution vulnerabilities, affecting a variety of
products and platforms including Edge, Internet Explorer, Exchange, Microsoft
Office, Office Services and
2 min
Nexpose
Patch Tuesday, October 2016
October [https://technet.microsoft.com/library/security/ms16-oct] continues a
long running trend with Microsoft's products where the majority of bulletins (6)
address remote code execution (RCE) followed by elevation of privilege (3) and
information disclosure (1). All of this month's critical bulletins are remote
code execution vulnerabilities, affecting a variety of products and platforms
including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services
and Web Apps, Sharepoint as
2 min
Nexpose
Patch Tuesday, July 2016
July [https://technet.microsoft.com/en-us/library/security/ms16-jul.aspx]
continues an on-going trend with Microsoft's products where the majority of
bulletins (6) address remote code execution (RCE) followed by information
disclosure (2), security feature bypass (2) and elevation of privilege (1). All
of this month's 'critical' bulletins are remote code execution vulnerabilities,
affecting a variety of products and platforms including Edge, Internet Explorer,
Microsoft Office, Office Services
2 min
Microsoft
On Badlock for Samba (CVE-2016-2118) and Windows (CVE-2016-0128)
Today is Badlock Day
You may recall that the folks over at badlock.org [http://badlock.org/] stated
about 20 days ago that April 12 would see patches for "Badlock," a serious
vulnerability in the SMB/CIFS protocol that affects both Microsoft Windows and
any server running Samba, an open source workalike for SMB/CIFS services. We
talked about it back in our Getting Ahead of Badlock
[/2016/03/30/getting-ahead-of-badlock] post, and hopefully, IT administrators
have taken advantage of the pre-releas
2 min
Nexpose
Update Tuesday, November 2015
November sees a mix of remote code execution and elevation of privilege
vulnerabilities enabling an attacker to gain the same rights as the user when
the victim opens specially crafted content, such as a webpage, journal file or
document containing embedded fonts. These vulnerabilities affect Internet
Explorer (7 and onwards), Edge, and Windows (Vista and onwards). It is
advisable for users and administrators to patch the affected platforms.
Microsoft includes 12 security bulletins, a third of
