Posts

Patch Tuesday September 2013

Another month, another patch Tuesday!
This month, Microsoft have released eight updates for 23 unique security issues which are recommended to upgrade as soon as possible. The updates consist of updates for Internet Explorer and for the operating system itself.
Adobe on the other hand have updated their Adobe Flash Player, Adobe Shockwave Player as well as Adobe Reader and Acrobat.

The Microsoft updates has Four critical updates that should be applied as soon as possible, as well as eleven important updates. The vulnerabilities fixes issues such as Remote Code Execution to Elevation of Privileges, Information Disclosure, and Denial of Service attacks.
The Adobe updates mitigates vulnerabilities that could let an attacker take control over your computer, so it’s recommended to upgrade as soon as possible.

More information:
Microsoft Patch Tuesday September 2013
Adobe Flash Player
Adobe Shockwave Player
Adobe Reader and Acrobat

Patch Tuesday August 2013

Another month, another patch Tuesday!
This month, Microsoft have released eight updates for 23 unique security issues which are recommended to upgrade as soon as possible. The updates consist of updates for Internet Explorer and for the operating system itself.

More information
http://technet.microsoft.com/en-us/security/bulletin/ms13-aug

Patch Tuesday July 2013

Another month, another patch tuesday!
This month, Microsoft have fixed seven issues. Six of them are marked as critical and allows for Remote Code Execution through various Microsoft applications, while one is marked as important and allows for elevation of privileges in the Bitdefender application. Adobe updated their ColdFusion software to fix a vulnerability. It is highly recommended to apply these fixes as soon as possible.

More information: http://technet.microsoft.com/en-us/security/bulletin/ms13-jul
http://www.adobe.com/support/security/bulletins/apsb13-19.html

Patch Tuesday June 2013

Patch Tuesday is upon us yet again. This time, Microsoft fixes one Critical issue and four Important issues. It’s advised to apply these as soon as possible through Windows Update.

  • Critical Windows and Internet Explorer: Can allow remote code to be executed.
  • Important Windows: May allow data to leave the vulnerable system.
  • Important Windows: Exploit may create a Denial of Service (DDoS).
  • Important Windows: May allow privilege elevation.
  • Important Office: (Windows and OS X): Can allow remote code to be executed.


Adobe on the other hand, have released an update to Adobe Flash Player which fixes a vulnerability that could crash and potentially take over a system which doesn’t have the latest version.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
http://www.adobe.com/support/security/bulletins/apsb13-16.html

Patch Tuesday May 2013

Patch Tuesday of this month offers updates where Microsoft has released fixes for ten vulnerabilities where two of them are critical (for Windows and Internet Explorer), and eight as important. It’s recommended to update as soon as possible.

Adobe have released security updates for ColdFusion and Acrobat/Reader, which means you should update these as soon as possible.

Mozilla have also released multiple critical security updates which concerns Firefox and Thunderbird.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-may
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://www.adobe.com/support/security/bulletins/apsb13-15.html
http://www.mozilla.org/security/announce/

Microsoft Patch Tuesday April 2013

It’s that time of the month again; Patch Tuesday!

Microsoft has released nine patches this month, six of which are marked as high or critical. Amongst the two critical patches are updates to Internet Explorer and Remote Desktop Client.
All Microsoft users are advised to update their systems as soon as possible through Windows Update.

More information: http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx

Microsoft’s Patch Tuesday solves 57 (critical) security vulnerabilities

Today is the regular Patch Tuesday for Microsoft, and this time the update will solve 57 different vulnerabilities (in 12 different packages depending on which software you’re using).
Five of these packages are listed as critical, so it’s important that you run Windows Update as soon as you can on your clients/servers.
There is always the question of “should I update now, or should I wait until others have reported that the patch works okay?”. To me, testing the patches in a non-production environment and then deploy in production as well as quickly as posible goes without saying, but those who doesn’t have that ability need to assess the risk.

This risk of patching can of course mean that you run into a bug with the patch, while the risk of Not updating means that attackers will most certain be looking into which issues were fixed and how they can be exploited – and then exploit it on the systems which haven’t been already patched. In my opinion, the risk of not patching outweighs the risk of patching.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb