Here's an easier way to block the IE XXE zero day security hole

Here's an easier way to block the IE XXE zero day security hole

Many well-intentioned people recommend you disable/uninstall Internet Explorer right now to guard against a newly published zero day. It turns out there’s a much simpler way to fix the problem, as long as you don’t rely on MHT files....

04/18/2019

Win7/8.1/Server patch conflicts abated, somewhat, but it’s still too early to install the April crop

Win7/8.1/Server patch conflicts abated, somewhat, but it’s still too early to install the April crop

The blue-screen-inducing behavior in Sophos and Avast antivirus products has been addressed by emergency new versions. Avira, oddly, has yanked its advisories, but there’s no announced all-clear. In all cases, it’s still much too...

04/16/2019

This month’s Windows patching debacle gradually comes into focus

This month’s Windows patching debacle gradually comes into focus

April 2019 Windows patches wreaked havoc on many PCs, with crashes linked to Sophos, Avast and Avira products and debilitating slowdown reports on Win10 1809 machines. Who’s testing this stuff? Ends up the answer isn’t all that...

04/12/2019

Widespread reports of freezing with yesterday’s Win7 and 8.1 Monthly Rollups, KB 4493472 and  KB 4493446

Widespread reports of freezing with yesterday’s Win7 and 8.1 Monthly Rollups, KB 4493472 and KB 4493446

While most of Patch Tuesday seems to be going relatively smoothly, Win7, Win8.1, Server 2008 R2 and 2012 R2 machines are seeing multiple problems with this month’s patches, both Security-only updates and Monthly Rollups. Sophos has...

04/10/2019

Patch Tuesday’s coming, so lock down automatic updates

Patch Tuesday’s coming, so lock down automatic updates

Some day we may have decent Windows update-blocking settings, although I remain skeptical. For now, with Patch Tuesday nigh, it’s prudent to check and make sure you have automatic updating turned off.

04/08/2019

Reliable reports of blue screens after installing this week's Win10 1809 patch KB 4490481

Reliable reports of blue screens after installing this week's Win10 1809 patch KB 4490481

I’m getting reports from many directions, on a wide array of machines, that the second March cumulative update for Win10 version 1809, KB 4490481, is throwing “System Service Exception” blue screens on restart

04/04/2019

Microsoft releases 20 Office non-security patches — and doesn’t bother to document them

Microsoft releases 20 Office non-security patches — and doesn’t bother to document them

As is common on the first Tuesday of the month, yesterday Microsoft released its hoard of non-security Office patches. This time, though, there’s no official list of the patches — and many of them may have been released in March.

04/03/2019

It’s time to install the March Windows and Office patches

It’s time to install the March Windows and Office patches

With one important exception and a few niggling details, the March patches for Windows and Office are ready to go. Here’s how to get them installed safely.

04/02/2019

Microsoft Patch Alert: Most March patches look good

Microsoft Patch Alert: Most March patches look good

March was a comparatively light patching month and there don’t appear to be any immediate patching worries. A hopeful sign?

04/01/2019

Microsoft unexpectedly declares Win10, version 1809 ready for business

Microsoft unexpectedly declares Win10, version 1809 ready for business

Windows 10, version 1809 has been declared “Semi-Annual Channel,” although that terminology is officially unsupported. Remarkably, the change comes before Microsoft issues its second March cumulative update, leaves us with numerous...

03/28/2019

ASUS Live Update Utility cracked, installs ShadowHammer backdoor on 1M PCs, but only 600 targeted

ASUS Live Update Utility cracked, installs ShadowHammer backdoor on 1M PCs, but only 600 targeted

In yet another Rock Star malware announcement, Kaspersky unveils spectacular details of craftily subverted ASUS automatic update servers. Kaspersky estimates 1 million infections, but only 600 hand-coded machines targeted. Mostly,...

03/25/2019

The new 'Get Windows 10' announcement arrives for Win7 in KB 4493132

The new 'Get Windows 10' announcement arrives for Win7 in KB 4493132

Unlike the infamous GWX debacle from when Win10 first arrived, this kinder, gentler nag can, in theory, be reliably disabled. It’s rolling out just now in an optional Windows 7 update, KB 4493132.

03/20/2019

March 2019 Windows and Office patches poke a few interesting places

March 2019 Windows and Office patches poke a few interesting places

Although it’s much too early to draw any definitive conclusions, initial reports are that the March 2019 Patch Tuesday rollout hasn’t hit any major bumps. There are a few odd nuances, though, that warrant your consideration.

03/13/2019

With Windows 10 version 1903 imminent, it’s more important than ever to lock down Windows updates

With Windows 10 version 1903 imminent, it’s more important than ever to lock down Windows updates

This month's Patch Tuesday will likely include the usual swamp of buggy patches – we’ve seen it over and over again for most of the past year. Now, though, you should be extra careful to block the new Win10 version 1903 in case it...

03/11/2019

February's Windows and Office patches look ripe, but look out for Win 8.1

February's Windows and Office patches look ripe, but look out for Win 8.1

With a few lingering holes plugged in the past couple of days, it looks like the coast is clear for applying the February 2019 Windows, Office and Net patches. But there are some troubling reports of bluescreens with the Win 8.1...

03/04/2019

New non-security Win10 patches fix numerous bugs, but where’s version 1809?

New non-security Win10 patches fix numerous bugs, but where’s version 1809?

On Tuesday, Microsoft released cumulative updates for Win10 versions 1803, 1709, 1703 and 1607 that address all of the acknowledged bugs (there were many) in those versions of Windoews 10. Usual Seeker of Queensbury rules apply: You...

02/20/2019

Microsoft dismantles its update naming scheme again, leaves unanswered questions

Microsoft dismantles its update naming scheme again, leaves unanswered questions

With the announcement Thursday that Microsoft will no longer use the “Semi-Annual Channel Targeted” mumbo-jumbo, we’re left with dozens of key questions, terminology be damned. Just when are we supposed to believe a new version of...

02/15/2019

It's time to block Windows Automatic Updating

It's time to block Windows Automatic Updating

Patch Tuesday’s tomorrow, which means today offers an excellent opportunity to make sure your machine is braced for impact. Here’s your step-by-step guide to blocking patches as they come out the chute, so you can install them...

02/11/2019

Microsoft: Watch out for zero days; deferred patches, not so much

Microsoft: Watch out for zero days; deferred patches, not so much

Yesterday’s Blue Hat IL presentation from MSRC shows that, in 2017-18, the threat from zero days far exceeds the threat of delaying patches by 30 days. Moreover, the vast majority of zero days are used in targeted attacks, not in...

02/08/2019

The January Windows and Office patches are good to go

The January Windows and Office patches are good to go

There are some rather obscure issues, but by and large, now’s a very good time to get Windows and Office caught up on patching. If you want to avoid Win10 1809 for now, block it. Watch out for the, uh, edge cases, and patch away.

02/01/2019

Load More