Articles about patch management

Enterprise patching... is patchy, survey finds

Delays in updating software and operating systems are putting organisations at greater risk of attacks, according to research by Duo Security. The survey, based on real-world data*, found that less than a third (31 per cent) of Windows endpoints are running the latest version, Windows 10. More than half (53 per cent) of …
John Leyden, 5 Jun 2017

Microsoft patched more Malware Protection Engine bugs last week

Microsoft has broken out of its usual cycle to patch more Malware Protection Engine bugs notified privately by Google Project Zero. Project Zero's Mateusz Jurczyk didn't turn up just one “crazy bad” bug: while the new bugs are all named either “Microsoft Malware Protection Engine Denial of Service Vulnerability” or “Microsoft …

Ransomware hits Australian hospitals after botched patch

Hospitals connected to the Australian State of Queensland's integrated electronic medical record system (ieMR) are suffering outages attributed to patching against a ransomware attack. Since the ransomware-du-jour is WannaCry/WannaCrypt, it's a fair bet that's what Queensland Health was working to patch, but somewhere along the …

Wannacry: Everything you still need to know because there were so many unanswered Qs

Vid It has been a week since the Wannacry ransomware burst onto the world's computers – and security researchers think they have figured out how it all started. Many assumed the nasty code made its way into organizations via email – either spammed out, or tailored for specific individuals – using infected attachments. Once …
Iain Thomson, 20 May 2017

Do we need Windows patch legislation?

Poll Microsoft has got off remarkably lightly from WannaCry, as the finger pointing between Whitehall and NHS trusts began. But that might be beginning to change. The NHS had 70,000 Windows XP PCs, but only after the ransomware hit did Microsoft issue a patch. Officially, support had ended in 2014, spurring an upgrade cycle. In a …
Andrew Orlowski, 16 May 2017

Why Microsoft's Windows game plan makes us WannaCry

Analysis In the circular firing squad of WannaCrypt, the world's largest recorded ransomware outbreak, nobody looks good. Not end-users for clinging to dated and unprotected Windows PCs despite warnings, not the government whose National Health Service saw 61 organisations compromised, and certainly not Microsoft – the actual author of …
Gavin Clarke, 16 May 2017

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Exclusive When the WannaCrypt ransomware exploded across the world over the weekend, infecting Windows systems using a stolen NSA exploit, Microsoft president Brad Smith quickly blamed the spy agency. If the snoops hadn't stockpiled hacking tools and details of vulnerabilities, these instruments wouldn't have leaked into the wild, sparing …
Iain Thomson, 16 May 2017

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book

Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants. The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine …
Shaun Nichols, 16 May 2017

Ransomware scum have already unleashed kill-switch-free WannaCrypt variant

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware. Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, …
John Leyden, 15 May 2017

Microsoft to spooks: WannaCrypt was inevitable, quit hoarding

In the midst of the ongoing WannaCrypt attacks, Microsoft has issued an unusually strongly-worded warning to governments around the world to quit hoarding vulnerabilities. The bug exploited by the attack was hoarded by the United States National Security Agency (NSA), leaked earlier this year and since patched by Microsoft – …

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Special report The WannaCrypt ransomware worm, aka WanaCrypt or Wcry, today exploded across 74 countries, infecting hospitals, businesses including Fedex, rail stations, universities, at least one national telco, and more organizations. In response, Microsoft has released emergency security patches to defend against the malware for …
Iain Thomson, 13 May 2017

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Final update UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …
Kat Hall, 12 May 2017

Cisco patches switch hijacking hole – the one exploited by the CIA

Cisco has patched a critical security flaw in its switches that can be potentially exploited by miscreants to hijack networks – a flaw disclosed in the Vault 7 leak of CIA files. Switchzilla says the vulnerability, CVE-2017-3881, can be exploited remotely by simply establishing a Telnet connection and sending a cluster …
Shaun Nichols, 9 May 2017

Put down the coffee, stop slacking your app chaps or whatever – and patch WordPress

Internet scribblers who use WordPress must update their installation of the publishing tool following the disclosure and patching of six security holes. Version 4.7.3 of the content management system includes fixes for the half dozen flaws that could allow for, among other things, cross-site scripting and request forgery …
Shaun Nichols, 7 Mar 2017

Apple: Don't panic, but your Mac can be pwned via GarageBand .bands

Apple says a newly patched hole in its GarageBand music tool could allow for remote code execution on the Mac. The GarageBand 10.1.6 update is being pushed out to all Macs running OS X Yosemite and later. Because GarageBand is installed by default on OS X systems, all Mac owners should install the patch, but those who …
Shaun Nichols, 14 Feb 2017

Hackers hustle to hassle un-patched Joomla! sites

Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system, with attempts made on about 30,000 sites in the days after a patch for the flaw landed. The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged …
Darren Pauli, 2 Nov 2016

Cisco: Whoops, hackers can commandeer your TelePresence boxes with a devilish HTTP poke

Cisco has released three security patches to address flaws in its TelePresence, FirePower and Adaptive Security Appliance lines. The May bundle includes one patch classified by Cisco as "critical" and two more labeled "high" risks. In total, the updates remedy three CVE-listed security vulnerabilities: For TelePresence …
Shaun Nichols, 4 May 2016

Smart telly, router, app makers have left a security hole open for – drum-roll – three years

A security hole that has been known and patched for the last three years remains vulnerable in over 6.1 million connected devices. This according to Trend Micro, who says its researchers have discovered that a collection of remote code execution vulnerabilities in a software library used by mobile devices, smart TVs, and …
Shaun Nichols, 4 Dec 2015

Biting the hand that feeds IT © 1998–2017