Today Microsoft released patches to fix 94 vulnerabilities, of which 27 fix remote code execution issues that can allow attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities compared to each of the last two months.
Hours before today’s Patch Tuesday release, on the eve of May 8, Microsoft released an emergency update to fix a vulnerability in its Malware Protection Engine. This critical vulnerability allows an attacker to take complete control of the victim’s machine just by sending an e-mail attachment. When the Malware Protection Engine scans the attachment, the malicious code in the file is executed, giving the attacker complete and full access to the computer. The attack can also be carried out by sending the file via an instant message or by having the victim download the file from a website. It is absolutely essential that organizations using Microsoft Malware Protection Engine make sure that they are at version 1.1.13704.0 or later. Users should also check if they are patched for CVE-2017-0290, which was released for the same issue today.
In today’s Patch Tuesday update, Microsoft released a total of 57 vulnerability fixes. Highest priority should go to patching 0-day issues that are actively exploited. At the top of our list is the Office patch for CVE-2017-0261, which is triggered when a victim opens an Office file containing a malformed graphics image. The file could be delivered via email or any other means. As this is actively exploited in the wild and attackers can take complete control of the victim system, this should be treated with priority.
It’s September 2016 Patch Tuesday, and Microsoft has released 14 security bulletins that affect a host of components including desktop operating systems, servers, browsers, Exchange Server, Silverlight, SMBv1 and several others. It’s a large update that will keep desktop as well as server administrators busy. Seven updates are rated as critical, while the other seven are rated as important. One 0-day vulnerability, CVE-2016-3352, which was publicly disclosed earlier, is also patched in the MS16-110 bulletin.
Qualys today announced Qualys Express Lite, a small business version of our suite of integrated security and compliance solutions. The new cloud offering delivers the full power of the Qualys Cloud Platform to small and medium-sized businesses (SMBs) so they can better protect themselves against Internet attackers and simplify compliance with PCI and regulatory mandates. Qualys Express Lite is accessible directly from any web browser without buying servers or installing software, making it easy to use and affordable for organizations with limited IT security budgets and expertise.
Small businesses are increasingly facing the threat of Internet attacks. As Symantec recently reported, “the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees; 31% of all attacks targeted them” (Symantec Internet Security Threat Report 2013, page 4). That same report also found that thieves are breaking into small businesses in order to “leap frog” into larger companies that may be working with the SMB.
“We’re excited that Qualys Express Lite will make security simple and accessible for our small business customers,” said Doug Davidson, president and CEO for Jacadis. “As a cloud-based service, it’ll be an easy, affordable way to meet vulnerability scanning requirements, as well as provide security and compliance monitoring.”
QualysGuard Express Lite is a new version of our cloud service, designed specifically to help small businesses with limited IT budgets and staff secure their systems. It combines the power of the QualysGuard Cloud Platform with a new, step-by-step web browser interface that guides you through scanning for vulnerabilities, generating easy-to-understand reports, prioritizing what to fix first, and simplifying compliance with mandates such as PCI.
Express Lite brings three popular Qualys solutions together into one subscription package: