Monday 3 October 2016

September Patch Tuesday delivers critical updates to IE and Adobe Flash

Microsoft traditionally has a large patch release for September. This September's Patch Tuesday is no exception with 14 updates, seven rated as critical, seven rated as important, altogether resolving a total of 50 reported vulnerabilities. Unlike last month, September brings a zero-day vulnerability with the update MS16-104. Unfortunately, this patch to IE also includes a publicly reported security issue. So this month we have a number of Microsoft updates on the "Patch Now" list including: MS16-104, MS16-115, MS16-116 and MS16-117. And the update to the Windows kernel with MS16-111 may make some administrators pause for a little more testing due to the core system files updated.

You can read more here.

Thursday 18 August 2016

LinkBait: Interesting reads for the month of August

Each month, I try to (with a little help from my friends) compile a list of interesting links about application compatibility and general platform issues.

Here is my suggested reading list for this month's "packaging canon" 

Platform News
Windows Redstone 1 is now known as the Windows 10 Anniversary Update and is a major update to Windows and brings other upgrades:

September 26-30

Install News

Browser News
Edge browser now supports extensions, has pinnable tabs and notifications

Other News

Thursday 16 June 2016

June Patch Tuesday delivers five critical updates and (hopefully) the end of QuickTime

A few months ago, we saw the end of Oracle JAVA Plugin support, and now we see the end of QuickTime with the call to remove it from your systems. If only we could get rid of Adobe Flash. For this June Patch Tuesday, we won’t see an update to Adobe Flash from Microsoft, but we may see an update from Adobe later this month. With 16 updates for June, we already have enough to worry about. Microsoft has released five critical updates and the remaining 11 patches are rated as important, covering a total of 44 vulnerabilities. This month looks like a pretty straightforward update cycle, with some very targeted updates from Microsoft which should have a low to moderate risk for deployment.

You can also read about Patch Tuesday from Chris Goettl's blog found here.  Chris also products a great infographic each month that summarises Patch Tuesday that is definitely worth a look.

You can read more about this Patch Tuesday on the Computer World column found here.

Wednesday 8 June 2016

Critical updates for IE, Edge and Flash for this May Patch Tuesday

Historically, May has been a big month for Microsoft updates. This May, we see 16 updates, covering all versions of Windows, IE and Edge as well as an update for Adobe Flash player.

With eight updates rated as critical and the remaining patches rated as important, Microsoft seems to have adopted a new clustering approach to patches. We have seen pairings of IE and Edge in the past, but this month we see core components (VBscript and JScript) linked with browser updates. In addition, we also have kernel updates linked to kernel mode driver updates (MS16-060 and MS16-061). We are also missing MS16-063! And, this month we also get the benefit of a nice looking infographic from Shavlik.

You can read more about this ComputerWorld article here

Critical updates for IE, Edge and Adobe Flash for April Patch Tuesday

This April, Microsoft has released another large batch of Windows updates with six rated as critical and the remaining seven rated as important.

Although there has been a large amount of hype relating to the latest security scare (BadLock), the real issue this month is the Adobe Player vulnerability addressed in MS16-050. Both Microsoft browsers require urgent updates due to more memory corruption issues (MS16-037 and MS16-038). I am not quite sure that Microsoft does this deliberately, but it seems that every month, the second to last update rated as important could be considered a little “worrisome.” This month it's MS16-048, which updates a key windows system (that handles logins) that may require some additional testing before production deployments.

Here’s the link to Shavlik’s helpful Patch Tuesday infographic that outlines the risks and exploitability of all these patches.

You can read more about this ComputerWorld article here.