All Posts

45 posts

Patch Tuesday April 2015

April’s Patch Tuesday continues the 2015 trend of high volume patches. This month we have a full set of 11 patches from Microsoft addressing 26 vulnerabilities.The vulnerabilities affect Windows and Office on both servers and workstations. In addition, Oracle is publishing their quarterly Critical Patch Update fixing 98 vulnerabilities in over 25 software categories, including Java, Oracle RDBMS and MySQL.

Add to that the fixes in Adobe, Mozilla and Google Chrome software that were initiated by the results of the PWN2OWN competition in Vancouver, and every defensive IT security professional will have their work doubled this month.

Continue reading …

Patch Tuesday March 2015

It is March Patch Tuesday 2015, but similar to last month we are having more issues than expected in a normal month. Or maybe that is the new normal: patches from Microsoft, Adobe and a set of other security issues to deal with.

Before we get to these patches, it’s important to note that we also had two out-of-band issues this month: FREAK and Superfish.

Continue reading …

Patch Tuesday February 2015

February Patch Tuesday 2015 comes after a quite turbulent month for information security professionals. Not so much Microsoft, but Adobe has been keeping us busy with multiple disclosed 0-day vulnerabilities their Flash software. All of the known issues have been very quickly addressed by Adobe (APSB15-02, 03 and 04), typically turning around a fix in less than a week. Still, it is worrisome to see the amount of problems that cyber criminals are able to find in software that we all have installed and use in our daily lives.

Continue reading …

Patch Tuesday January 2015, 2nd Edition

Every three months Patch Tuesday has a 2nd edition when Oracle publishes their security updates in their considerable software portfolio.

Continue reading …

Patch Tuesday January 2015

For the first Patch Tuesday in 2015 Microsoft has posted eight bulletins, one critical and seven important, a quite normal start in terms of numbers, but limited in terms of software. For example, there is no update for Internet Explorer.

Continue reading …

Patch Tuesday January 2015 Preview

It is January 2015 and the week before the year’s first Patch Tuesday. Microsoft should have posted their first Advance Notification (ANS) kicking off the patch cycle. But a new year brings many changes and the Advanced Notification is affected by one of them. Microsoft will stop providing the ANS information to the general public and parties interested will have to ask for the it through their account manager. Hmmh, I personally have always thought that our customers were interested in the information contained in ANS, but we will see how that works out.

Continue reading …

November Patch Tuesday – Part 2

It has been a week since Microsoft has announced their November bulletins and we have seen quite a bit of movement around the Schannel bulletin MS14-066, which had immediately attracted the attention of the security community.

Continue reading …

November 2014 Patch Tuesday

This month Microsoft is publishing 14 bulletins with new versions and patches for its software, operating systems and applications. This is one fewer bulletin than Microsoft had announced last week.

Continue reading …