Patch Tuesday

(get it in RSS or Atom)

Update Tuesday, April 2015 - Urgent action needed over Microsoft HTTP bug

We don't usually focus on one vulnerability and say, "Do that first." But this month, we're willing to make an exception.

The Microsoft HTTP stack has a bug that could let attackers straight in with a simple HTTP request...

Reboot loop! Microsoft update to fix an old update ends up breaking a new update...

O! What a tangled web we weave!

Microsoft reissued a broken update from back in October 2014...and promptly broke a new update from March 2015.

Update Tuesday wrap-up, March 2015 - FREAK fixed fast, and lots more from Microsoft

Adobe published no bulletins for March 2015, so this one is all about Microsoft...

What do you mean, "Facebook is now text only"? - 60 Sec Security [VIDEO]

\

Here's the latest episode of our weekly one-minute security video.

Fun, fast...and educational.

The "JASBUG" Windows vulnerability - beyond the hype, what you need to know

jasbug-500

Struggling to understand the JASBUG flaw fixed by Microsoft in this month's Update Tuesday?

Paul Ducklin explains it clearly, with minimal jargon.

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

SSCC 181 - The Security Duel: "Bug reports at 15 paces" [PODCAST]

Microsoft vs. Google - Google vs. Users - Hackers vs. US Army - the fight is on in the latest episode of our weekly security podcast!

Enjoy...

Update Tuesday wrap-up, January 2015 - See? We didn't use the word "Patch"!

Like fingers and thumbs, not all updates are patches, even if all patches are updates.

So, here's the skinny on Update Tuesday...including the security patches, of course.

"Dear Facebook, I DEMAND that you ignore my demands" - 60 Sec Security [VIDEO]

Our weekly security news video, for your viewing pleasure.

Fun with a serious side, in just one minute...watch now!

Microsoft discontinues Advance Notification Service, but why?

Microsoft. Image from Shutterstock

Microsoft kicked off 2015 by discontinuing its Advance Notification Service which alerted IT professionals to fixes that would ship the following week, allowing time to prepare staff and systems.

"Like fish and chips without the fish. Or the chips"... 60 Sec Security [VIDEO]

Here's the latest episode of our 60 Second Security video.

Enjoy the week's news in just one minute...

Microsoft pulls Patch Tuesday fix - "Outlook can't connect to Exchange"

ehlo-250

Part of Patch Tuesday is now only partly available as Microsoft recalls its already-delayed Exchange 2010 update.

Paul Ducklin takes a look...

Patch Tuesday wrap-up, December 2014 - why "Important" can be Critical...

Adobe and Microsoft put forth their respective Patch Tuesday updates this week, bringing you their last scheduled patches of 2014.

Paul Ducklin digs in...

"That's not a hack..." - 60 Sec Security [VIDEO]

Here's our latest 60 Second Security video.

One week of news in one amusingly informative minute...

Microsoft "tops up" Patch Tuesday, issues delayed fix for zero-day hole in logon security

Microsoft has issued a "top up" security bulletin for a fix that didn't quite make it into the November 2014 Patch Tuesday.

The vulnerability can be used to turn any user into a domain administrator, and it's been exploited in the wild...

SSCC 173 - Lest we forget [PODCAST]

Here's the latest episode of our weekly "Chet Chat" security podast.

Chet and Duck take on the week's news in their inimitable way...enjoy!

Patch Tuesday wrap-up, November 2014: Microsoft joins the "security hole in HTTPS" club

Here's what you need to know about the November 2014 Patch Tuesday updates from Microsoft and Adobe...

Has the "Sandworm" zero-day exploit burrowed back to the surface?

sand-2-250

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...