Microsoft Patch Tuesday | Breaking Cybersecurity News | The Hacker News

Today Microsoft has released its Advance Notification for the month of June 2014 Patch Tuesday releasing seven security Bulletins, which will address several vulnerabilities in its products, out of which two are marked critical and rest are important in severity. This Tuesday, Microsoft will issue Security Updates to address seven major vulnerabilities and all those are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Word, Microsoft Office and Internet Explorer. CRITICAL VULNERABILITY THAT YOU MUST PATCH Bulletin one is considered to be the most critical one, which will address a the zero-day Remote Code Execution vulnerability, affecting all versions of Internet Explorer, including IE11 in Windows 8.1.  All server versions of Windows are affected by this vulnerability, but at low level of severity because by default, Internet Explorer runs in Enhanced Security Configuration and just because Server Core version

Microsoft has released its advance notification for the month of May 2014 patch Tuesday security updates, that will patch a total of eight flaws issued next Tuesday , May 13. Among the eight vulnerabilities two of them are rated critical, rest all are rated important in severity. Just a week before, Microsoft provided an 'out-of-band security update' for all versions of Internet Explorer (IE) that were affected by the zero-day vulnerability , and since IE6 for Windows XP retired last month, even though it received patches for IE6 zero-day flaw. But, Microsoft has no plan to make any such accommodations this time. 13th MAY 2014 - MICROSOFT PATCH TUESDAY  Next week the security updates will include fixes for vulnerabilities including the critical one in Internet Explorer (IE), along with .NET Framework, Windows, Office and SharePoint for all versions of Windows except Windows XP.  " Our existing policy remains in place, and as such, Microsoft no longer supports

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

On passed Thursday, Microsoft has released an advance advisory alert for upcoming Patch Tuesday which will address Remote Code Execution vulnerabilities in several Microsoft's products. Microsoft came across a limited targeted attacks directed at their Microsoft Word 2010 because of the vulnerability in the older versions of Microsoft Word. This Tuesday Microsoft will release Security Updates to address four major vulnerabilities, out of which two are labeled as critical and remaining two are Important to patch as the flaws are affecting various Microsoft software such as, Microsoft Office suite, Microsoft web apps, Microsoft Windows, Internet Explorer etc. VULNERABILITY THAT YOU  MUST PATCH Google Security Team has reported a critical Remote code execution vulnerability in Microsoft Word 2010 ( CVE-2014-1761 ) which could be exploited by an attacker to execute the malicious code remotely via a specially crafted RTF file , if opened by a user with an affected vers

Today Microsoft has released Security Bulletin Advanced Notification for February 2014 Patch Tuesday. The notification dictates five bulletins out of which two have critical Remote Code Execution and rest are important in aspect to severity of security flaw. A Remote Code Execution vulnerability has been found in Security software of Microsoft i.e. Forefront Protection 2010 for Exchange Server, but this time there will be no new bulletins for Internet Explorer. Not only this, users of Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1 are also advised to patch their systems in order to protect themselves from being a victim of malicious code which is exploiting Remote code execution vulnerability. Except the remote code execution, Microsoft is going to release patches for privilege escalation, information disclosure, and denial of service security flaws in Windows operating syste

Watering hole Internet Explorer 8 zero-day attack on the US Department of Labor website last week has spread to 9 more global websites over the weekend, including those run by a big European company operating in the aerospace, defense , and security industries as well as non-profit groups and institutes Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least. Researchers analyzing the attacks say that the attack tie it to a China-based hacking group known as " DeepPanda ". Security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. Micros

It's Microsoft Patch Tuesday, and time of the month in which we gather round, hold hands, and see just how much of Microsoft's software needs patching. Prepare your systems, Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system (OS), some Office components and also Mac OS X, through Silverlight and Office and 4 out of 7 are critical patches. Critical :  The first bulletin will address a remote code execution vulnerability affecting Windows and Internet Explorer. Critical : The second bulletin addresses a remote code execution vulnerability affecting Microsoft Silverlight. Critical :  The third bulletin addresses a remote code execution vulnerability affecting Office. The fourth security bulletin addresses a critical elevation of privilege vulnerability affecting both the Office and Server suites. Important : The fifth and sixth security bulletins address an information disclosure vulnerability affecting Microsoft Off

Microsoft next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch Tuesday. According to Microsoft's advisory , The 12 security update including two for Internet Explorer (IE), that will patch a near-record 57 vulnerabilities in the browser, Windows, Office and the enterprise-critical Exchange Server email software. Part of this update will be security patches for every single version of Internet Explorer. Apparently, this is to address a security hole that leaves users open to being exploited through drive-by attacks. Out of the 12 updates, five are considered " critical, " and others are labeled " important, ". As always, the critical patches will automatically install for any Windows users with automatic updates enabled. Two of the