If you use modern-day Microsoft software products as a standard end user or a Windows Server administrator and use Remote Desktop Protocol (RDP) in any fashion or use any software programs that utilize CryptoAPI, I strongly recommend you patch right away! The Cybersecurity and Infrastructure Security Agency (CISA) released an alert about three critical RDP patches and an … [Read more...]
Vulnerability Disclosure Fight – WSWiR Episode 135
Want a quick way to learn about the latest information security (infosec) news and tips? Then this is the video for you! Every week, I summarize the most important stuff, and share what you should do about it. This week, we've changed the format of the show. Since I'm now posting the Daily Security Byte every week day, our weekly episode will summarize those episodes, share … [Read more...]
Next Week's Patch Tuesday Focuses on IE
I'm sure you're used to the Microsoft Patch drill by now, so let's jump right in... According to their advanced notification post, Microsoft plans to release five security bulletins next Tuesday, which is a rather small number compared to Patch Days of recent past. Their notice warns that the bulletins will include security updates for Windows, Office, and Internet Explorer … [Read more...]
Microsoft Black Tuesday: Fix for IE8 Zero Day and More
Calling all Microsoft administrators. It's time to spin up your virtual test machines and download, test, and deploy May's batch of Microsoft security updates. This month's theme is IE updates; with a focus on a recent IE zero day vulnerability, as well as a continuation of the "use after free" vulnerability theme I commented on last month. According to their summary post, … [Read more...]
Microsoft Corrects Vulnerabilities in MDAC and Backup Manager
Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it How an attacker exploits them: Multiple vectors of attack, including enticing your users into visiting malicious websites or opening specially crafted files Impact: In the worst case, an attacker can gain complete control of your Windows computer What to do: Install the … [Read more...]