
November 2014 Patch Tuesday

This month Microsoft is publishing 14 bulletins with new versions and patches for its software, operating systems and applications. This is one fewer bulletin than Microsoft had announced last week.


Patch Tuesday August 2014 – Update

Update: Microsoft has modified the bulletin MS14-045 for Windows and excluded the patch for the font handling vulnerability CVE-2014-1819. The patch can cause the system to lock up (BSOD) and present problems with fonts that are not installed in the default location. Microsoft recommends uninstalling KB2982791 at this time. For more information, take a look at the KB article itself. We are interested to know how widespread these problems are. Were you affected? Do you install important-level patches immediately, or do you wait for a cool-off period? These questions are important, especially when you consider the availability of 1-day exploits, where attackers reverse engineer patches to find new attack vectors:

[Image: 1-day]

This example is taken from the capability description of a commercial exploit tool (Gamma’s FinFly), but it illustrates the capabilities that a good attack team has.

Original: It is August Patch Tuesday, the week after Black Hat and DEF CON, and we are getting nine bulletins from Microsoft with a total of 41 vulnerabilities addressed, plus a new version of Adobe Flash. In addition, Microsoft is introducing some new capabilities for automatic ActiveX blocking and has announced the phase-out of old browsers. All in all, a pretty busy Patch Tuesday with 2 patches that address 0-day vulnerabilities that are seeing attacks in the wild – Internet Explorer and Adobe Flash.


August 2014 Patch Tuesday Preview

While the Black Hat security conference is ongoing in Las Vegas (stay tuned to this blog for a rundown of our favorite presentations), Microsoft has published its Advance Notice for the month of August. That document gives us an idea of the size of next week’s Patch Tuesday: we will get nine bulletins affecting a wide variety of Microsoft software including Internet Explorer, Windows, Office, SQL Server and SharePoint. Two of the bulletins are rated “critical,” as they allow for Remote Code Execution (RCE), and a third one for Microsoft Office OneNote also provides RCE capabilities.


Year closing – December 2013 Patch Tuesday

Today Microsoft released 11 security bulletins that address 24 vulnerabilities in the last Patch Tuesday of 2013. This month’s patches take the total number of bulletins to 106 and the distinct vulnerability count to just over 330 for the year.


Patch Tuesday September 2013

Today’s Microsoft Patch Tuesday for September 2013 brings us 13 bulletins fixing 47 distinct vulnerabilities. Thirteen bulletins is one fewer than originally announced last week; number fourteen, which applies to .NET and addresses a Denial-of-Service (DoS) vulnerability, is being held back for further testing. Adobe also announced new versions that fix critical vulnerabilities for Flash, Adobe Reader and Shockwave.


September 2013 Patch Tuesday Preview

Microsoft announced its lineup for next week’s Patch Tuesday. We will get 14 bulletins, already bringing the number for this year to 80 in September. We are well on our way to getting more than 100 bulletins this year, compared to 83 in 2012 and exactly 100 in 2011, a good reflection of how challenging the computer security business continues to be.
