Posts Tagged: Office


11
Jul 17

Adobe, Microsoft Push Critical Security Fixes

It’s Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe’s got a new version of its Flash Player available that addresses at least three vulnerabilities.

brokenwindowsThe updates from Microsoft concern many of the usual program groups that seem to need monthly security fixes, including Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange.

According to security firm Qualys, the Windows update that is most urgent for enterprises tackles a critical bug in the Windows Search Service that could be exploited remotely via the SMB file-sharing service built into both Windows workstations and servers.

Qualys says the issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1.

“While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.” Qualys notes, referring to the recent rash of ransomware attacks which leveraged similar vulnerabilities.

Other critical fixes of note in this month’s release from Microsoft include at least three vulnerabilities in Microsoft’s built-in browser — Edge or Internet Explorer depending on your version of Windows. There are at least three serious flaws in these browsers that were publicly detailed prior to today’s release, suggesting that malicious hackers may have had some advance notice on figuring out how to exploit these weaknesses.

brokenflash-aAs it is accustomed to doing on Microsoft’s Patch Tuesday, Adobe released a new version of its Flash Player browser plugin that addresses a trio of flaws in that program.

The latest update brings Flash to v. 26.0.0.137 for Windows, Mac and Linux users alike. If you have Flash installed, you should update, hobble or remove Flash as soon as possible. To see which version of Flash your browser may have installed, check out this page. Continue reading →


13
Jul 10

Microsoft Security Updates, and a Farewell to Windows XP Service Pack 2

Microsoft today released software updates to fix at least five security vulnerabilities in computers running its Windows operating system and Office applications. Today also marks the planned end-of-life deadline for Windows XP Service Pack 2, a bundle of security updates and features that Microsoft first released in 2004.

Four out of five of the flaws fixed in today’s patch batch earned a “critical” rating, Redmond’s most severe. Chief among them is a bug in the Help and Support Center on Windows XP and Server 2003 systems that’s currently being exploited by crooks to break into vulnerable machines. Microsoft released an interim “FixIt” tool last month to help users blunt the threat from this flaw, and users who applied that fix still should install this patch (and no, you don’t need to undo the FixIt setting first). Update 5:50 p.m. ET: I stand corrected on this — it looks like Microsoft won’t offer the patch for this flaw if you’ve already used the FixIt tool.

Continue reading →