patch tuesday

Windows 8 and Windows RT will receive their first security fixes when next week's Patch Tuesday rolls around from Microsoft.

The patches are designed to prevent "remote code execution," which means they'll plug holes in the OS that could let someone remotely run malicious code on a PC.

Beyond securing Windows 8, the fixes cover just about every other version of Windows, including XP, Vista, and Windows 7 as well as Server 2003, 2008, and 2012.

The rollout includes six security patches, four of which are considered critical, one important, and one moderate. Most of the … Read more

Microsoft has announced what vulnerabilities it plans to patch on Tuesday.

According to the company, its Tuesday update will include fixes for nine issues. Three of those issues are "critical" vulnerabilities, meaning that they can allow code execution without any user interaction. The remaining vulnerabilities are labeled as "important."

Although all three of of the Critical vulnerabilities center on Windows, one of them also includes Internet Explorer 9. Interestingly, the flaw does not extend to previous versions of the browser, so it appears it's something new. Beyond that, the nine patches address flaws in everything … Read more

Microsoft is urging Windows users to apply yesterday's security updates to patch critical holes affecting Internet Explorer and Media Player.

The critical IE update affects versions 7, 8, and 9, and could allow an attacker to remotely run code on a user's PC using a "specially crafted Web page," according to Microsoft. As such, someone who exploited the hole could grab the same rights as the local user, of special concern if the user has administrative rights.

The update brings Internet Explorer 9 up to version 9.0.5. The vulnerability also affects IE 6 but … Read more

A Microsoft Windows update today fixes a weakness in the protocols used to secure e-commerce sites, which was first exposed by researchers using a tool they dubbed "BEAST."

Microsoft planned to release the BEAST (Browser Exploit Against SSL/TLS)-related patch last month, but had to pull it because it created compatibility issues with SAP software. Researchers had demonstrated the vulnerability using BEAST in September, prompting fears that attackers would use the tool to snoop on protected Internet sessions in what is called a "man-in-the-middle" attack. MS12-006 patches a hole in the Secure Sockets Layer and … Read more

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.

As part of Patch Tuesday today Microsoft released 13 security bulletins, fixing 10 important bugs and three critical ones, according to the advisory.

MS11-087 fixes a critical hole in the TrueType font handling in the Windows kernel that could allow an attacker to take control of a machine. It has been used in the wild to infect systems with the Duqu malware. "Now that the patch … Read more

Hewlett-Packard mulls what to do with WebOS, Asus unveils a powerful tablet, and Adobe ceases development of a Flash Player plug-in for mobile devices.

Links from Wednesday's episode of Loaded:

Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan.

The most serious of the updates is MS11-083, which could allow an attacker to take over a computer by sending a large number of malicious UDP packets to a closed port on a target system, the Patch Tuesday security bulletin said. It plugs a vulnerability in the TCP/IP stack in Windows 7, Vista, and Server 2008.

"Since this vulnerability does not require any user interaction or authentication, … Read more

Microsoft has released a new update for Internet Explorer 9 that aims to patch several outstanding security holes.

Available through Windows Update since Tuesday, the security update is rated critical by Microsoft, which means that people who have Windows Update set to "install updates automatically" will automatically receive it.

Users who haven't enabled that option are advised to install the update manually from Windows Update. IT administrators who support large organizations should also apply the update with whatever patch management software they use in-house.

The update targets eight vulnerabilities in IE9, some of which could let a … Read more

Microsoft today issued eight security bulletins plugging 23 holes, including a critical patch for vulnerabilities that could allow an attacker to take control of a computer, if someone visited a malicious Web page using Internet Explorer.

The cumulative IE patch, MS11-081, fixes eight holes and is rated high priority among today's Patch Tuesday bulletins, which include two rated critical and six rated important.

The other high-priority bulletin is MS11-078, which fixes a vulnerability in .Net Framework and Microsoft Silverlight that could allow an attacker to remotely execute code on a machine, if a user views a malicious Web page … Read more