patch tuesday

A new kind of vulnerability popped up recently, one that lets hackers stick a USB thumb drive into a computer -- even if it's logged-off or locked -- type out a bit of attack code and steal whatever data they want.

In an effort to avoid this type of cyberattack, Microsoft issued its monthly software patches today and included a fix for this Windows vulnerability called MS13-027. This vulnerability lets a hacker get into the computer with a thumb drive and take over administrative privileges.

"When the Windows USB device drivers enumerate the device, parsing a specially crafted … Read more

It's February 12, yet another Patch Tuesday. Among the security fixes aplenty that Microsoft is rolling out today are a few other non-security-specific updates for Windows RT and Windows 8.

As previously announced, the February cumulative update includes fixes designed to improve Surface Wi-Fi reliability and connectivity, a Microsoft spokesperson confirmed.

Microsoft also has provided a fix for the app-store-downloading bug that a number of Surface RT and Windows RT users reported a few weeks back. The problem resulted in Windows RT systems entering "Connected Standby" while the devices were downloading new Windows Updates via Automatic Update. … Read more

Microsoft is deploying a larger bunch of bug fixes this month than usual.

Next week's Patch Tuesday will address 57 different security vulnerabilities through 12 separate updates.

The bugs stretch across a range of programs, including Windows, Internet Explorer, Windows Server, Microsoft Exchange, and Microsoft's .Net Framework.

Five of the 12 patches are rated critical, so they're designed to patch holes that could allow someone to execute malicious code on an unprotected PC. Two of the critical patches are aimed at all versions of Internet Explorer from 6 through 10. That means all current versions of Windows … Read more

Windows 8 and RT are set to receive their second lineup of bug fixes when next week's Patch Tuesday rolls around.

The patches are also aimed at the other current versions of Windows, including XP, Vista, and Windows 7, as well as Server 2003 and 2008.

Five of the patches are rated critical, while two are deemed important. The critical ones are designed to shore up holes in the OS that could allow an attacker to infect a PC with malicious code.

Assuming Windows Update is set to automatic, critical patches are automatically installed, while those considered important can … Read more

Windows 8 and Windows RT will receive their first security fixes when next week's Patch Tuesday rolls around from Microsoft.

The patches are designed to prevent "remote code execution," which means they'll plug holes in the OS that could let someone remotely run malicious code on a PC.

Beyond securing Windows 8, the fixes cover just about every other version of Windows, including XP, Vista, and Windows 7 as well as Server 2003, 2008, and 2012.

The rollout includes six security patches, four of which are considered critical, one important, and one moderate. Most of the … Read more

Microsoft has announced what vulnerabilities it plans to patch on Tuesday.

According to the company, its Tuesday update will include fixes for nine issues. Three of those issues are "critical" vulnerabilities, meaning that they can allow code execution without any user interaction. The remaining vulnerabilities are labeled as "important."

Although all three of of the Critical vulnerabilities center on Windows, one of them also includes Internet Explorer 9. Interestingly, the flaw does not extend to previous versions of the browser, so it appears it's something new. Beyond that, the nine patches address flaws in everything … Read more

Microsoft is urging Windows users to apply yesterday's security updates to patch critical holes affecting Internet Explorer and Media Player.

The critical IE update affects versions 7, 8, and 9, and could allow an attacker to remotely run code on a user's PC using a "specially crafted Web page," according to Microsoft. As such, someone who exploited the hole could grab the same rights as the local user, of special concern if the user has administrative rights.

The update brings Internet Explorer 9 up to version 9.0.5. The vulnerability also affects IE 6 but … Read more

A Microsoft Windows update today fixes a weakness in the protocols used to secure e-commerce sites, which was first exposed by researchers using a tool they dubbed "BEAST."

Microsoft planned to release the BEAST (Browser Exploit Against SSL/TLS)-related patch last month, but had to pull it because it created compatibility issues with SAP software. Researchers had demonstrated the vulnerability using BEAST in September, prompting fears that attackers would use the tool to snoop on protected Internet sessions in what is called a "man-in-the-middle" attack. MS12-006 patches a hole in the Secure Sockets Layer and … Read more

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.

As part of Patch Tuesday today Microsoft released 13 security bulletins, fixing 10 important bugs and three critical ones, according to the advisory.

MS11-087 fixes a critical hole in the TrueType font handling in the Windows kernel that could allow an attacker to take control of a machine. It has been used in the wild to infect systems with the Duqu malware. "Now that the patch … Read more