Computerworld Patch Tuesday Debugged
Computerworld Patch Tuesday Debugged https://www.computerworld.com en-usThu, 30 Nov 2023 03:42:24 -0800Thu, 30 Nov 2023 03:42:24 -0800https://idge.staticworld.net/ctw/computerworld-logo\_510x510.pngComputerworld Patch Tuesday Debugged https://www.computerworld.com 143143Critical zero-day flaws in Windows, Office mean it's time to patchFri, 17 Nov 2023 12:57:00 -0800
We are now in the third decade of Microsoft's monthly Patch Tuesday releases, which deliver fewer critical updates to browsers and Windows platforms — and much more reliable updates to Microsoft Office — than in the early days of patching. But this month, the company rolled out 63 updates (including fixes for three zero-days in Windows and Office).
Updates to Microsoft Exchange and Visual Studio can be included in standard patch release cycles, while Adobe needs to be included in your "Patch Now" releases for third-party applications.
https://www.computerworld.com/article/3710990/critical-zero-day-flaws-in-windows-office-mean-its-time-to-patch.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3710990/critical-zero-day-flaws-in-windows-office-mean-its-time-to-patch.html#tk.rss\_patchtuesdaydebuggedCritical zero-day flaws in Windows, Office mean it's time to patchMicrosoft addresses three zero-days for October’s Patch TuesdayFri, 13 Oct 2023 12:05:00 -0700
This month, Microsoft has released 103 updates to Windows, Edge, Microsoft Office, and Exchange Server. This update also includes minor updates to Visual Studio. Three zero-days ( CVE-2023-44487, CVE-2023-36563 and CVE-2023-41763) require "Patch Now" updates for both Windows and the Edge browser for this October update cycle.
https://www.computerworld.com/article/3708732/microsoft-addresses-three-zero-days-for-october-s-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3708732/microsoft-addresses-three-zero-days-for-october-s-patch-tuesday.html#tk.rss\_patchtuesdaydebuggedMicrosoft addresses three zero-days for October’s Patch TuesdayCritical updates for Microsoft Office and Visual Studio drive September's Patch TuesdayFri, 15 Sep 2023 12:40:00 -0700
Microsoft released 59 updates in its September Patch Tuesday release, with critical patches for Microsoft Office and Visual Studio, and continued the trend of including non-Microsoft applications in its update cycle. (Notepad++ is a notable addition, with Autodesk returning with a revised bulletin.) We've made "Patch Now" recommendations for Microsoft development platforms (Visual Studio) and Microsoft Word.
Unfortunately, updates for Microsoft Exchange Server have also returned, requiring server reboots this time, too.
https://www.computerworld.com/article/3707069/critical-updates-for-microsoft-office-and-visual-studio-drive-septembers-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3707069/critical-updates-for-microsoft-office-and-visual-studio-drive-septembers-patch-tuesday.html#tk.rss\_patchtuesdaydebuggedCritical updates for Microsoft Office and Visual Studio drive September's Patch TuesdayPatch Tuesday: Microsoft rolls out 90 updates for Windows, OfficeFri, 11 Aug 2023 11:35:00 -0700
With its August Patch Tuesday release, Microsoft pushed out 90 updates for the Windows and Office platforms. The latest fixes include another update for Microsoft Exchange (along with with a warning about failed updates to Exchange Server 2016 and 2019) and a "Patch Now" recommendation from us for Office.
https://www.computerworld.com/article/3704493/patch-tuesday-microsoft-rolls-out-90-updates-for-windows-office.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3704493/patch-tuesday-microsoft-rolls-out-90-updates-for-windows-office.html#tk.rss\_patchtuesdaydebuggedPatch Tuesday: Microsoft rolls out 90 updates for Windows, OfficeFour zero-days make July 's Patch Tuesday a 'patch now' updateFri, 14 Jul 2023 11:48:00 -0700
With this month's Patch Tuesday update, Microsoft addressed 130 security vulnerabilities, published two advisories, and included four major CVE revisions. We also have four zero-days to manage for Windows ( CVE-2023-32046, CVE-2023-32049, CVE-2023-36874 and CVE-2023-36884), bringing the Windows platform into a "patch now" schedule.
https://www.computerworld.com/article/3702731/four-zero-days-make-july-s-patch-tuesday-a-patch-now-update.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3702731/four-zero-days-make-july-s-patch-tuesday-a-patch-now-update.html#tk.rss\_patchtuesdaydebuggedFour zero-days make July 's Patch Tuesday a 'patch now' updateJune's Patch Tuesday updates focus on Windows, OfficeFri, 16 Jun 2023 11:41:00 -0700
Microsoft released 73 updates to its Windows, Office, and Visual Studio platforms on Patch Tuesday, with many of them dealing with core, but not urgent, security vulnerabilities. That's a welcome respite from the previous six months of urgent zero-days and public disclosures. With that in mind, the Readiness testing team suggests a focus on printing and backup/recovery processes to make sure they're not affected by this update cycle.
For the first time, we see a (non-Adobe) third-party vendor added to a Patch Tuesday release, with three minor plugin updates to Visual Studio for AutoDesk. Expect to see more such vendors added to Microsoft's updates in the near future. The team atReadiness has created a useful infographic that outlines the risks associated with each of the updates.
https://www.computerworld.com/article/3699673/junes-patch-tuesday-updates-focus-on-windows-office.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3699673/junes-patch-tuesday-updates-focus-on-windows-office.html#tk.rss\_patchtuesdaydebuggedJune's Patch Tuesday updates focus on Windows, OfficeMay's Patch Tuesday update includes 3 zero-day flaws; fix them ASAPThu, 11 May 2023 11:04:00 -0700
In it's May update, Microsoft addressed 51 vulnerabilities in Windows, Microsoft Office, and Visual Studio. And with three zero-day flaws to urgently address in Windows ( CVE-2023-24932, CVE-2023-29325 and CVE-2023-29336), the focus this month needs to be on rapidly updating both Windows and Microsoft Office. Both platforms get our “Patch Now” recommendation.
https://www.computerworld.com/article/3696272/mays-patch-tuesday-update-includes-3-zero-day-flaws-fix-them-asap.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3696272/mays-patch-tuesday-update-includes-3-zero-day-flaws-fix-them-asap.html#tk.rss\_patchtuesdaydebuggedMay's Patch Tuesday update includes 3 zero-day flaws; fix them ASAPPatch now to address a Windows zero-dayFri, 14 Apr 2023 13:13:00 -0700
Microsoft has addressed 97 existing vulnerabilities this April Patch Tuesday, with a further eight previously released patches updated and re-released. There have been reports of a vulnerability ( CVE-2023-28252) exploited in the wild, making it a "Patch Now" release.
This update cycle affects Windows desktops, Microsoft Office, and Adobe Reader. No updates for Microsoft Exchange this month. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this April update cycle.
https://www.computerworld.com/article/3693317/patch-now-to-address-windows-zero-day.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3693317/patch-now-to-address-windows-zero-day.html#tk.rss\_patchtuesdaydebuggedPatch now to address a Windows zero-dayPatch Office and Windows now to resolve two zero-daysFri, 17 Mar 2023 13:49:00 -0700
Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month's Patch Tuesday release to 84.
Unfortunately, we have two zero-day flaws in Outlook ( CVE-2023-23397) and Windows ( CVE-2023-24880) that require a "Patch Now" release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.
https://www.computerworld.com/article/3691010/patch-office-and-windows-now-to-resolve-two-zero-days.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3691010/patch-office-and-windows-now-to-resolve-two-zero-days.html#tk.rss\_patchtuesdaydebuggedPatch Office and Windows now to resolve two zero-daysThree zero-days require urgent attention for Windows, ExchangeFri, 17 Feb 2023 04:54:00 -0800
Microsoft's February Patch Tuesday update deals with 76 vulnerabilities that affect Windows, Exchange, Office, and Microsoft development tools — and three Windows vulnerabilities ( CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited in the wild and require immediate attention.
https://www.computerworld.com/article/3688551/three-zero-days-require-urgent-attention-for-windows-exchange.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3688551/three-zero-days-require-urgent-attention-for-windows-exchange.html#tk.rss\_patchtuesdaydebuggedThree zero-days require urgent attention for Windows, ExchangePatch now to address critical Windows zero-day flawFri, 13 Jan 2023 12:59:00 -0800
The first Patch Tuesday of the year from Microsoft addresses 98 security vulnerabilities, with 10 classified as critical for Windows. One vulnerability ( CVE-2023-21674) in a core section of Windows code is a zero-day that requires immediate attention. And Adobe has returned with a critical update, paired with a few low-profile patches for the Microsoft Edge browser.
We have added the Windows and Adobe updates to our “Patch Now” list, recognizing that this month’s patch deployments will require significant testing and engineering effort. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this January update cycle.
https://www.computerworld.com/article/3685534/patch-now-to-address-critical-windows-zero-day-flaw.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3685534/patch-now-to-address-critical-windows-zero-day-flaw.html#tk.rss\_patchtuesdaydebuggedPatch now to address critical Windows zero-day flawPatch Tuesday: Two zero-day flaws in Windows need immediate attentionFri, 16 Dec 2022 12:00:00 -0800
Microsoft's December Patch Tuesday updated delivers 59 fixes, including two zero-days ( CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).
Microsoft also published an urgent out-of-band update ( CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)
https://www.computerworld.com/article/3683593/patch-tuesday-two-zero-day-flaws-in-windows-need-immediate-attention.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3683593/patch-tuesday-two-zero-day-flaws-in-windows-need-immediate-attention.html#tk.rss\_patchtuesdaydebuggedPatch Tuesday: Two zero-day flaws in Windows need immediate attentionPatch Tuesday includes 6 Windows zero-day flaws; patch now!Fri, 11 Nov 2022 13:42:00 -0800
Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we have added both the Windows and Exchange Server updates to our "Patch Now" schedule. Microsoft also published a "defense in depth" advisory ( ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.
https://www.computerworld.com/article/3679631/patch-tuesday-includes-6-windows-zero-day-flaws-patch-now.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3679631/patch-tuesday-includes-6-windows-zero-day-flaws-patch-now.html#tk.rss\_patchtuesdaydebuggedPatch Tuesday includes 6 Windows zero-day flaws; patch now!Zero-day flaws mean it's time to patch Exchange and WindowsFri, 14 Oct 2022 12:10:00 -0700
This month's Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
https://www.computerworld.com/article/3676636/zero-day-flaws-mean-its-time-to-patch-exchange-and-windows.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3676636/zero-day-flaws-mean-its-time-to-patch-exchange-and-windows.html#tk.rss\_patchtuesdaydebuggedZero-day flaws mean it's time to patch Exchange and WindowsCritical zero-days make September's Patch Tuesday a 'Patch Now' releaseFri, 16 Sep 2022 12:36:00 -0700
With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities ( CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month's Patch Tuesday release gets a "Patch Now" priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)
https://www.computerworld.com/article/3673944/critical-zero-days-make-septembers-patch-tuesday-a-patch-now-release.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3673944/critical-zero-days-make-septembers-patch-tuesday-a-patch-now-release.html#tk.rss\_patchtuesdaydebuggedCritical zero-days make September's Patch Tuesday a 'Patch Now' releasePatch Tuesday update addresses 123 vulnerabilities, two critical zero-daysSat, 13 Aug 2022 04:58:00 -0700
Microsoft's August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it's back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.
The first ( CVE-2022-34713) occurs in the Windows diagnostic tools and the second ( CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it's time to pay attention to Microsoft updates again. We have made "Patch Now" recommendations for Windows, Exchange and Adobe for this month.
https://www.computerworld.com/article/3669897/patch-tuesday-update-addresses-123-vulnerabilities-two-critical-zero-days.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3669897/patch-tuesday-update-addresses-123-vulnerabilities-two-critical-zero-days.html#tk.rss\_patchtuesdaydebuggedPatch Tuesday update addresses 123 vulnerabilities, two critical zero-daysWith a light July Patch Tuesday, it's time to invest in your IT processesFri, 15 Jul 2022 12:04:00 -0700
Though we get a reprieve from Exchange updates in this month's Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft's new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)
Though the numbers are still quite high (with 86+ reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.
https://www.computerworld.com/article/3667375/with-a-light-july-patch-tuesday-its-time-to-invest-in-your-it-processes.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3667375/with-a-light-july-patch-tuesday-its-time-to-invest-in-your-it-processes.html#tk.rss\_patchtuesdaydebuggedWith a light July Patch Tuesday, it's time to invest in your IT processesMicrosoft delivers solid Windows-focused updates for June's Patch Tuesday Fri, 17 Jun 2022 12:09:00 -0700
June's Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are oo Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.
https://www.computerworld.com/article/3664171/microsoft-delivers-solid-windows-focused-updates-for-junes-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3664171/microsoft-delivers-solid-windows-focused-updates-for-junes-patch-tuesday.html#tk.rss\_patchtuesdaydebuggedMicrosoft delivers solid Windows-focused updates for June's Patch Tuesday May's Patch Tuesday updates make urgent patching a mustSat, 14 May 2022 05:51:00 -0700
This past week's Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition ( CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially wiith three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.
https://www.computerworld.com/article/3660511/mays-patch-tuesday-updates-make-urgent-patching-a-must.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3660511/mays-patch-tuesday-updates-make-urgent-patching-a-must.html#tk.rss\_patchtuesdaydebuggedMay's Patch Tuesday updates make urgent patching a mustApril's Patch Tuesday: a lot of large, diverse and urgent updatesFri, 15 Apr 2022 10:40:00 -0700
This week's Patch Tuesday release was huge, diverse, risky, and urgent, with late update arrivals for Microsoft browsers ( CVE-2022-1364) and two zero-day vulnerabilities affecting Windows ( CVE-2022-26809 and CVE-2022-24500). Fortunately, Microsoft has not released any patches for Microsoft Exchange, but this month we do have to deal with more Adobe (PDF) printing related vulnerabilities and associated testing efforts. We have added the Windows and Adobe updates to our "Patch Now" schedule, and will be watching closely to see what happens with any further Microsoft Office updates.
https://www.computerworld.com/article/3657754/aprils-patch-tuesday-a-lot-of-large-diverse-and-urgent-updates.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3657754/aprils-patch-tuesday-a-lot-of-large-diverse-and-urgent-updates.html#tk.rss\_patchtuesdaydebuggedApril's Patch Tuesday: a lot of large, diverse and urgent updatesMicrosoft delivers a solid, low-impact Patch TuesdaySat, 12 Mar 2022 05:10:00 -0800
March brings us a solid set of updates from Microsoft for Windows, Microsoft Office, Exchange, and Edge (Chromium), but no critical issues requiring a “Patch Now” release schedule (though Microsoft Exchange will require some technical effort this month). We have published some testing guidelines, with a focus on printing, remote desktop over VPN connections, and server-based networking changes. We also recommend testing your Windows installer packages with a specific focus on roll-back and uninstall functionality.
You can find more information about the risk of deploying these Patch Tuesday updates with this useful infographic. And, if you are looking for more information on .NET updates, there is a great post from Microsoft that highlights this month's changes.
https://www.computerworld.com/article/3653356/microsoft-delivers-a-solid-low-impact-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3653356/microsoft-delivers-a-solid-low-impact-patch-tuesday.html#tk.rss\_patchtuesdaydebuggedMicrosoft delivers a solid, low-impact Patch TuesdayTake your time testing these February Patch Tuesday updatesFri, 11 Feb 2022 12:21:00 -0800
There are ( as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no "Patch Now" recommendations from the Readiness team. I'm hoping that with this month's list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month's very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It's also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.
https://www.computerworld.com/article/3650013/take-your-time-testing-these-february-patch-tuesday-updates.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3650013/take-your-time-testing-these-february-patch-tuesday-updates.html#tk.rss\_patchtuesdaydebuggedTake your time testing these February Patch Tuesday updatesPatch Tuesday gets off to a busy start for JanuaryFri, 14 Jan 2022 12:10:00 -0800
For this week's Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them aszero-days. Microsoft has fixed a lot of security related issues and is aware of several known issues that may have inadvertently caused significant server issues including:
- Hyper-V, which no longer starts with the message, "Virtual machine xxx could not be started because the hypervisor is not running."
- ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
- And Windows domain controller boot loops.
There are a variety of known issues this month, and I'm not sure whether we'll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.
https://www.computerworld.com/article/3647150/patch-tuesday-gets-off-to-a-busy-start-for-january.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3647150/patch-tuesday-gets-off-to-a-busy-start-for-january.html#tk.rss\_patchtuesdaydebuggedPatch Tuesday gets off to a busy start for JanuaryPatching isn't enough for December's Patch TuesdaySat, 18 Dec 2021 10:51:00 -0800
This month's Patch Tuesday update is important for several reasons. With 67 unique vulnerabilities addressed, six publicly-reported issues and one already exploited, this month's updates still pale in comparison to dealing with the Log4j issue. (Fortunately, there are no browser or Microsoft Exchange updates and minimal changes to Microsoft Office.)
We have added the Windows updates and Visual Studio updates to our "Patch Now" release cycle recommendations, while Office updates are relegated to a normal release cadence. You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.
https://www.computerworld.com/article/3645134/patching-isnt-enough-for-decembers-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3645134/patching-isnt-enough-for-decembers-patch-tuesday.html#tk.rss\_patchtuesdaydebuggedPatching isn't enough for December's Patch TuesdayUpdates to Exchange and Microsoft Installer drive Patch Tuesday testingFri, 12 Nov 2021 12:04:00 -0800
This is a relatively light Patch Tuesday update from Microsoft, though wo significant vulnerabilities in the Windows platform ( CVE-2021-38631 and CVE-2021-41371), both relating to Remote Desktop Protocol handling, have been disclosed and are lending some urgency to applying Windows updates. And we have another technically challenging update to Microsoft Exchange Server to manage as well.
https://www.computerworld.com/article/3640403/updates-to-exchange-and-microsoft-installer-drive-patch-tuesday-testing.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3640403/updates-to-exchange-and-microsoft-installer-drive-patch-tuesday-testing.html#tk.rss\_patchtuesdaydebuggedUpdates to Exchange and Microsoft Installer drive Patch Tuesday testingFour zero-day exploits add urgency to October's Patch TuesdaySat, 16 Oct 2021 06:33:00 -0700
October brings four zero-day exploits and 74 updates to the Windows ecosystem, including a hard-to-test kernel update ( CVE-2021-40449) that requires immediate attention and an Exchange Server update that requires technical skill and due diligence (and a reboot). The testing profile for the October Patch Tuesday covers Windows error handling, AppX, Hyper-V and Microsoft Word. We recommend a Patch Now schedule for Windows and then staging the remaining patch groups according to your normal release pattern.
https://www.computerworld.com/article/3637013/four-zero-day-exploits-add-urgency-to-octobers-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3637013/four-zero-day-exploits-add-urgency-to-octobers-patch-tuesday.html#tk.rss\_patchtuesdaydebuggedFour zero-day exploits add urgency to October's Patch TuesdayLegacy apps are at risk with the September Patch Tuesday updateFri, 17 Sep 2021 12:28:00 -0700
This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule.
These updates are driven by the zero-day patch ( CVE-2021-40444) to the core Microsoft browser library MSHTML. In addition to leading to significant remote code execution worries, this update may also lead to unexpected behaviours in legacy applications that depend on or include this browser component. Be sure to assess your portfolio for key apps that have these dependencies and perform a full functionality test before deployment. (We have identified some key mitigation strategies for handling ActiveX controls and for protecting your system during your testing and deployment phases.)
https://www.computerworld.com/article/3633597/legacy-apps-are-at-risk-with-the-september-patch-tuesday-update.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3633597/legacy-apps-are-at-risk-with-the-september-patch-tuesday-update.html#tk.rss\_patchtuesdaydebuggedLegacy apps are at risk with the September Patch Tuesday updateThe focus for August's Patch Tuesday? PrintingFri, 13 Aug 2021 12:08:00 -0700
This month Microsoft offered up a relatively light Patch Tuesday, rolling out 44 patches for its Windows, Office, and development platforms.
The focus for August is squarely on the Windows printing updates ( CVE-2021-34481 and CVE-2021-36936) due to active exploits and public disclosures. Unfortunately, these critical and urgent Windows patches are paired with a number of difficult-to-test updates to the Windows networking stack, the NTFS file system, and core graphics system components (GDI). We recommend that you urgently patch Windows systems and then test and deploy your Office, browser, and development patches according to a standard release schedule.
https://www.computerworld.com/article/3629414/the-focus-for-augusts-patch-tuesday-printing.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3629414/the-focus-for-augusts-patch-tuesday-printing.html#tk.rss\_patchtuesdaydebuggedThe focus for August's Patch Tuesday? PrintingA big July Patch Tuesday — and the ongoing print nightmareSat, 17 Jul 2021 05:46:00 -0700
This week's Patch Tuesday release from Microsoft is a big one for the Windows ecosystem; it includes 117 patches that handle four publicly reported and four exploited vulnerabilities. The good news: this month's Microsoft Office and development platform (Visual Studio) patches are relatively straightforward and can be added with minimal risk to your standard patch release schedules, and there are no browser updates. Alas, we have a really serious printer issue ( CVE-2021-34527) that was released out of bounds ( OOB) and has been updated at least twice in the past few days. That means you need to pay immediate attention to the Windows updates and that you add all of the Windows desktop patches to your "Patch Now" schedule.
https://www.computerworld.com/article/3625472/a-big-july-patch-tuesday-and-the-ongoing-print-nightmare.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3625472/a-big-july-patch-tuesday-and-the-ongoing-print-nightmare.html#tk.rss\_patchtuesdaydebuggedA big July Patch Tuesday — and the ongoing print nightmare6 zero-days make this a 'Patch Now' Patch TuesdayFri, 11 Jun 2021 11:27:00 -0700
Microsoft this week pushed out 50 updates to fix vulnerabilities across both the Windows and Office ecosystems. The good news is that there are no Adobe or Exchange Server updates this month. The bad news is that there are fixes for sixzero-day exploits, including a critical update to the core web rendering (MSHTML) component for Windows. We've added this month's Windows updates to our "Patch Now" schedule, while the Microsoft Office and development platform updates can be deployed under their standard release regimes. Updates also include changes to Microsoft Hyper-V, the cryptographic libraries and Windows DCOM, all of which require some testing before deployment.
https://www.computerworld.com/article/3621897/6-zero-days-make-this-a-patch-now-patch-tuesday.html#tk.rss\_patchtuesdaydebugged https://www.computerworld.com/article/3621897/6-zero-days-make-this-a-patch-now-patch-tuesday.html#tk.rss\_patchtuesdaydebugged6 zero-days make this a 'Patch Now' Patch Tuesday