It’s September 2016 Patch Tuesday, and Microsoft has released 14 security bulletins that affect a host of components including desktop operating systems, servers, browsers , Exchange server, Silverlight, SMBv1 and several others. It’s a large update that will keep desktop as well as server administrators busy.  Seven updates are rated as critical, while the other seven are rated as important. One 0-day vulnerability CVE-2016-3352 which was publicly disclosed earlier is also patched in the MS16-110 bulletin.

Continue reading …

Watch Qualys coverage of Microsoft, Adobe and POODLE on Patch Tuesday December 2014

This month Microsoft is publishing 14 bulletins with new versions and patches for its software, operating systems and applications. This is one fewer bulletin than Microsoft had announced last week.

Continue reading …

Today Microsoft released 11 security bulletins that address 24 vulnerabilities in the last Patch Tuesday of 2013. This month’s patches takes the total number of bulletins to 106 and the distinct vulnerability count to just over 330 for the year. 

Continue reading …

Oracle released today its Critical Patch Update (CPU) for October 2013. The CPU is Oracle’s quarterly mechanism to publish updates for all of its supported products, including – for the first time in Oct 2013 – Java. Java used to be on a different update cycle of every four months, but as of this month, it is synchronized with the normal Oracle updates.

Continue reading …

Update 2: Microsoft reissued MS13-061 today to include Exchange 2013 again. You should be able to install it now without issues, but it makes sense to test the installation in your environment and/or wait until your next downtime for the installation.

Update: Microsoft has pulled the MS13-061 update for Exchange 2013 because it causes a corruption of the index database. Hopefully you have not been impacted, because you do not install server patches on critical machines right away, which seems like a good cautious measure at the moment. Nevertheless If you have Exchange 2013 and have not installed MS13061 yet then wait. If you have installed it and your installation shows signs of the issue, please take a look a KB2879739 for a workaround involving the editing of registry keys.

Continue reading …

The Microsoft August Advance Notification for next week’s Patch Tuesday is out. There will be eight bulletins, three rated "critical" providing Remote Code Execution (RCE), with the remaining five bulletins marked "important".

Continue reading …