Free Republic

Microsoft blats bugs in super-secure web browser Edge, its OS, the Office suite, and more Microsoft has patched 41 CVE-listed security vulnerabilities in its software this month. The second Patch Tuesday monthly update of the year brings with it fixes for security flaws in both Internet Explorer and Edge that could allow remote-code-execution attacks simply by visiting a webpage. Also fixed are remote-code-execution holes in the Windows PDF Viewer and Microsoft Office. [Full list on the Register article page] After installing the Microsoft updates, users and administrators would be wise to install monthly fixes issued Tuesday by Adobe for Flash...

The El Reg inbox has been flooded with reports of a serious cock-up by Microsoft's patching squad, with one of Tuesday's fixes causing killer problems for Outlook. "We are looking into reports from some customers who are experiencing difficulties with Outlook after installing Windows KB 3097877. An immediate review is under way," a Microsoft spokesperson told us. The problem is with software in one of the four critical patches issued in yesterday's Patch Tuesday bundle – MS15-115. This was supposed to fix a flaw in the way Windows handles fonts, but has had some unexpected side effects for some Outlook...

Published: October 13, 2015 On this page: Executive Summaries Exploitability Index Affected Software Detection and Deployment Tools and Guidance Acknowledgments Other Information This bulletin summary lists security bulletins released for October 2015. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information. Executive Summaries The following table summarizes the security bulletins for this month in order of...

Update Windows, Office, IE, Edge and Adobe Flash now – plus OpenSSH Patch Tuesday - Microsoft has released 14 sets of software patches to address critical security vulnerabilities in Windows, Office, Internet Explorer, and Edge. Yes, even Edge: Microsoft's supposedly whizzbang super-secure web browser. Users and sysadmins should apply August's Patch Tuesday fixes as soon as possible: the bugs can be exploited to remotely execute code on vulnerable systems, allowing miscreants to hijack computers and install malware by tricking people into opening documents and webpages. Plugging in a malicious USB device can grant an attacker administrator privileges on Windows PCs....

Microsoft has released the June edition of its Update (neé Patch) Tuesday security update dump. This month's bundle includes eight security bulletins, two rated "critical" and six rated "important." Users and administrators are advised to test (if necessary) and install the updates as soon as possible to prevent attacks. MS15-056 A cumulative patch for Internet Explorer versions 6-11. It addresses 24 CVE-listed security flaws. "critical" (remote code execution). MS15-057 A Windows update to address a single flaw in Media Player for Windows Vista and 7 and Windows Server 2003 through 2008 R2. Opening a web page that plays a maliciously...

Published: May 12, 2015 Version: 1.0 On this page Executive Summaries Exploitability Index Affected Software Detection and Deployment Tools and Guidance Acknowledgments Other Information This bulletin summary lists security bulletins released for May 2015. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

New policy verges on apt-get update && apt-get dist-upgradeIgnite 2015 Microsoft has shown off some of the new security mechanisms embedded in Windows 10, and revealed a change to its software updates. Windows supremo Terry Myerson reckons the revised security patch rollout – effectively ditching the monthly Patch Tuesday – will shame Google. "Google takes no responsibility to update customer devices, and refuses to take responsibility to update their devices, leaving end users and businesses increasingly exposed every day they use an Android device," Myerson said during his Ignite keynote in Chicago today. He was referring to the sometimes tardy...

An 'important' patch from this month’s Black Tuesday causes odd problems in many applications. It’s taken more than a week for various problem reports to take on a coherent theme, but it now appears as if an “elevation of privilege” patch for Windows, MS 15-038/KB 3045999, causes intermittent problems with a wide array of software.... [For example, on systems with McAfee:] Several applications fail to start after you install Microsoft Patch MS15-038 on systems with DLP [Data Loss Prevention for] Endpoint. Affected applications include, but are not limited to: CMD.EXE Explorer.EXE MMC-based applications Microsoft Office applications PowerShell ... it’s another...

This bulletin summary lists security bulletins released for April 2015. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information. Executive Summaries The following table summarizes the security bulletins for this month in order of severity....

Summary: Microsoft expects to see exploit code targeting at least one of the vulnerabilities within the next 30 days. Microsoft today warned that cyber-criminals could soon aim exploits at critical security flaws in Internet Explorer browser and Windows to hijack and take complete control of vulnerable machines. The warning comes as part of this month’s Patch Tuesday where Microsoft released 7 bulletins with fixes for at least 26 documented vulnerabilities affecting the Windows ecosystem. The company is urging users to pay special attention to MS12-037 and MS12-036, which provides cover for “remote code execution” vulnerabilities that could be used in...