patch

Microsoft is gearing up for another Patch Tuesday.

In its regular series of monthly security fixes, the company tomorrow is launching eight separate bulletins to patch 23 different holes in a small but key range of products. Marked as "critical," two of the bulletins are aimed at stopping hackers from remotely running code in Windows, Internet Explorer, .NET, and Silverlight.

Specifically, these two bulletins are deemed critical for the desktop versions of Windows and should be applied to Windows XP, Windows Vista, and Windows 7. Only one of the bulletins is tagged as critical for Windows Server 2003, … Read more

Microsoft and Adobe released security fixes today, and Microsoft blacklisted six more root certificates in the wake of a breach at DigiNotar that allowed fraudulent SSL certificates to be issued.

As part of its monthly Patch Tuesday, Microsoft released five security bulletins, none of which are critical, plugging 15 holes. Affected software includes Windows, Office, Excel, SharePoint, Windows Server, and Office Web Apps.

More details are in the advisory, which Microsoft had accidentally posted online four days early before removing it to save it for today.

Meanwhile, Microsoft revoked certificates signed by two certificate authorities, Entrust and Cybertrust, which had … Read more

Microsoft has rolled out a new update for Internet Explorer 9 that fixes a host of different security holes.

Launched yesterday on Microsoft's familiar "Patch Tuesday," the August 2011 Cumulative Security Update for Internet Explorer is a critical one that resolves issues not just in IE9 but in versions 6, 7, and 8 as well, according to a Microsoft blog. The update is available through Windows Update, so IE users who have Windows automatic updates turned on should have already received it.

The patch takes care of five holes in IE that were disclosed in coordination with … Read more

Microsoft released four security bulletins for Patch Tuesday today, including one that fixes a critical hole related to Bluetooth in Windows 7 and Vista and three less serious patches that plug 21 holes affecting all supported versions of Windows and Visio 2003.

The highest priority is MS11-053, which fixes a vulnerability that could allow an attacker to take control of a computer by sending malicious Bluetooth wireless packets.

Jerry Bryant, group manager for security response at Microsoft, downplayed the possibility of exploitation in the wild, saying there are mitigating factors, including the fact that Bluetooth on a target device would … Read more

Microsoft released 16 security bulletins today fixing 34 holes, including critical holes in Windows, SMB Client and Internet Explorer, while Adobe Systems fixed a hole in Flash Player that was reportedly being targeted in attacks.

Adobe's quarterly security bulletins include critical updates for Flash Player, Shockwave Player, and Adobe Reader and Acrobat. Meanwhile, Adobe said it will now offer users the opportunity to turn automatic update on by default.

Nine of Microsoft's bulletins are rated "critical" and the remainder are rated "important. There are four "critical-level" updates that Microsoft said in a blog post … Read more

It's easy to assume the important programs on our systems update automatically, but not all do. Some outdated apps can be security risks. I compared three free scanners that promise to identify programs in need of an update: Secunia's Personal Software Inspector (PSI), CNET's TechTracker, and KC Softwares' Software Updates Monitor (Sumo).

I'm not linking to Sumo because when I tested the program, it installed the Relevant Knowledge spyware along with the scanner even though I purposely chose what the company claimed was the spyware-free installation file.

PSI IDs more apps, provides plenty of update info … Read more

Windows 7 is four to five times less vulnerable to malware infections than is Windows XP.

Those are the findings of Microsoft's latest Security Intelligence Report (PDF), which detailed in depth the state of software vulnerabilities, exploits, security breaches, and malware in 2010.

Overall, the study found that infection rates for newer Microsoft operating systems with the latest service packs are consistently lower than those for older OSes, giving Windows 7 and Windows Server 2008 R2 the highest marks for security.

Looking at the number of reported infections per 1,000 computers, Microsoft found that Windows 7 64-bit had … Read more

Microsoft today fixed a critical hole in Windows and two less serious holes in Office in one of the lightest Patch Tuesdays in recent history.

The critical bulletin, MS11-035, fixes a vulnerability in the Windows Internet Name Service (WINS) that "could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service," according to the bulletin advisory. It affects Windows Server 2003 and 2008.

WINS is not installed on the affected operating system software by default, so only customers who manually install it are affected and will be offered the … Read more

Microsoft will issue two bulletins for Patch Tuesday next week--a "critical" one affecting Windows, and an "important" one for Office, the company said today.

Affected software includes Windows Server 2003, Server 2008, Office XP, Office 2003, Office 2007, Office 2004 for Mac and Office 2008 for Mac, according to the advance notice.

The light Patch Tuesday release follows 17 bulletins that Microsoft issued last month.

Microsoft also said it is changing its Exploitability Index, the guide it uses to provide customers information on how likely a vulnerability is of being exploited.

"Specifically, we will be … Read more