Articles about patch management

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of …
Shaun Nichols, 16 Oct 2018

Hunt for Red Bugtober: US military's weapon systems riddled with security holes – auditors

Computer security vulnerabilities are widespread in US military hardware, and the Pentagon is only beginning to understand how to fix them. This is according to an October report [PDF] on cybersecurity practices in Uncle Sam's armed forces, drawn up by the Government Accountability Office (GAO). Leading with the subtle title " …

WebSphere and loathing in New York: IBM yanks buggy application server security fix from admins

IBM has withdrawn a patch for a significant security vulnerability in its WebSphere Application Server after the code knackered some systems. Just this week, Big Blue said it is working on a new fix for CVE-2018-1567, a remote-code execution vulnerability in versions 9.0, 8.5, 8.0, and 7.0 of the platform. The bug has received …
Shaun Nichols, 11 Oct 2018

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the …
Shaun Nichols, 6 Oct 2017

Feelin' safe and snug on Linux while the Windows world burns? Stop that

The ransomware problems reported by The Reg over the past few weeks are enough to make you, er, wanna cry. Yet all that's happened is that known issues with Windows machines – desktop and server – have now come to everyone's attention and the bandwidth out of Microsoft's Windows Update servers has likely increased a bit relative …

Enterprise patching... is patchy, survey finds

Delays in updating software and operating systems are putting organisations at greater risk of attacks, according to research by Duo Security. The survey, based on real-world data*, found that less than a third (31 per cent) of Windows endpoints are running the latest version, Windows 10. More than half (53 per cent) of …
John Leyden, 5 Jun 2017

Microsoft patched more Malware Protection Engine bugs last week

Microsoft has broken out of its usual cycle to patch more Malware Protection Engine bugs notified privately by Google Project Zero. Project Zero's Mateusz Jurczyk didn't turn up just one “crazy bad” bug: while the new bugs are all named either “Microsoft Malware Protection Engine Denial of Service Vulnerability” or “Microsoft …

Ransomware hits Australian hospitals after botched patch

Hospitals connected to the Australian State of Queensland's integrated electronic medical record system (ieMR) are suffering outages attributed to patching against a ransomware attack. Since the ransomware-du-jour is WannaCry/WannaCrypt, it's a fair bet that's what Queensland Health was working to patch, but somewhere along the …

Wannacry: Everything you still need to know because there were so many unanswered Qs

Vid It has been a week since the Wannacry ransomware burst onto the world's computers – and security researchers think they have figured out how it all started. Many assumed the nasty code made its way into organizations via email – either spammed out, or tailored for specific individuals – using infected attachments. Once …
Iain Thomson, 20 May 2017

Do we need Windows patch legislation?

Poll Microsoft has got off remarkably lightly from WannaCry, as the finger pointing between Whitehall and NHS trusts began. But that might be beginning to change. The NHS had 70,000 Windows XP PCs, but only after the ransomware hit did Microsoft issue a patch. Officially, support had ended in 2014, spurring an upgrade cycle. In a …
Andrew Orlowski, 16 May 2017

Why Microsoft's Windows game plan makes us WannaCry

Analysis In the circular firing squad of WannaCrypt, the world's largest recorded ransomware outbreak, nobody looks good. Not end-users for clinging to dated and unprotected Windows PCs despite warnings, not the government whose National Health Service saw 61 organisations compromised, and certainly not Microsoft – the actual author of …
Gavin Clarke, 16 May 2017

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Exclusive When the WannaCrypt ransomware exploded across the world over the weekend, infecting Windows systems using a stolen NSA exploit, Microsoft president Brad Smith quickly blamed the spy agency. If the snoops hadn't stockpiled hacking tools and details of vulnerabilities, these instruments wouldn't have leaked into the wild, sparing …
Iain Thomson, 16 May 2017

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book

Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants. The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine …
Shaun Nichols, 16 May 2017

Ransomware scum have already unleashed kill-switch-free WannaCrypt variant

Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the infamous WannaCrypt malware. Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, …
John Leyden, 15 May 2017

Microsoft to spooks: WannaCrypt was inevitable, quit hoarding

In the midst of the ongoing WannaCrypt attacks, Microsoft has issued an unusually strongly worded warning to governments around the world to quit hoarding vulnerabilities. The bug exploited by the attack was hoarded by the United States National Security Agency (NSA), leaked earlier this year and since patched by Microsoft – …

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Special report The WannaCrypt ransomware worm, aka WanaCrypt or Wcry, today exploded across 74 countries, infecting hospitals, businesses including Fedex, rail stations, universities, at least one national telco, and more organizations. In response, Microsoft has released emergency security patches to defend against the malware for …
Iain Thomson, 13 May 2017

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Final update UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …
Kat Hall, 12 May 2017

Cisco patches switch hijacking hole – the one exploited by the CIA

Cisco has patched a critical security flaw in its switches that can be potentially exploited by miscreants to hijack networks – a flaw disclosed in the Vault 7 leak of CIA files. Switchzilla says the vulnerability, CVE-2017-3881, can be exploited remotely by simply establishing a Telnet connection and sending a cluster …
Shaun Nichols, 9 May 2017
