Skip to main content
Please wait...

Microsoft Patch Alert: September 2020

3 weeks 4 days ago

What September’s patching frenzy lacked in fireworks, it more than compensated for in volume – and belligerence. Server 2016 hiccups on Security Options. Win10 version 2004 surprises – Lenovo still hasn’t fixed its Blue Screen-inducing Biometric Security setting; the TRIM function still tries to trim spinning hard disks; for some, Start goes wonky, Action Center disappears, and there’s the usual litany of odd, one-off bug reports.

As of early today, we’re still waiting for the Win10 version 2004 “optional, non-security, C/D/E Week” patch, but all of the other expected September patches are in.

Defrag woes in Win10 version 2004 largely fixed, but TRIM still nips

As I’ve mentioned many times, Windows 10 version 2004 shipped with a bug that causes the Windows Optimizer Drives defrag tool to skip updating the completion date on defrag runs. As a result, defrags occur much more frequently than necessary. Microsoft has known about the bug since January – months before 2004 shipped -- but didn’t bother to acknowledge it until a fix appeared this month.

To read this article in full, please click here

Woody Leonhard

Dual biometrics for banking: Double trouble or super-secure?

3 weeks 4 days ago

In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and – nonintuitively – convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition – both performed via a mobile device – and the banks are Hungary’s OTP Bank and Spain’s Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It's clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

To read this article in full, please click here

Evan Schuman

How IT can keep remote workers’ Windows 7 PCs safe

1 month ago

In the time of COVID-19, with so many people working from home, it’s inevitable that many will be using Windows 7 devices. And that’s a big security problem for IT. As of January 2020, Windows 7 is no longer supported by Microsoft. That means no security patches — particularly dangerous at a time when many people are connecting to enterprise networks from their Windows 7 PCs.

To read this article in full, please click here

(Insider Story)
Preston Gralla

Why you need Apple support to secure the C-suite

1 month ago

I get it. You’re one of those enterprises that doesn’t (yet) support Apple products among employees, but does that moratorium extend to the C-suite? I’m willing to bet it does not, and that’s why even Windows-only IT shops must learn how to secure Apple’s products.

Ignore the fantasy, this is reality

The reality is that Apple’s products are popular at work. And while there are many businesses that don’t officially support them, one section of civil society that pretty much always does their own thing no matter what are the boys and girls in the C-suite. I can still recall the number of CFOs I spoke with early on in the iPad days who were deeply interested in trying the Apple tablet. Many did. At a time when no one else could.

To read this article in full, please click here

Jonny Evans

Windows 10 upgrades are rarely useful, say IT admins

1 month ago

A majority of IT administrators polled this summer said that the twice-a-year Windows 10 feature upgrades are not useful – or rarely so – a stunning stance considering how much effort Microsoft puts into building the updates.

About 58% of nearly 500 business professionals who are responsible for servicing Windows at their workplaces said that Windows 10 feature upgrades – two annually, one each in the spring and fall – were either not useful (24%) or rarely useful (34%).

[ Related: Windows 10 version 2004: Key enterprise features ]

Only 20% contended that the upgrades were useful in some fashion, while a slightly larger chunk – 22% – choose a noncommittal neutral as a response, claiming that the operating system's updates were neither useful nor not useful. (It might be best to consider this answer as undecided since in this binary world if something is not not useful, that must mean it is useful.)

To read this article in full, please click here

Gregg Keizer

How COVID-19 has changed IT’s focus and plans for 2021

1 month 1 week ago

The COVID-19 pandemic – and the lockdowns that followed last spring – wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

[ Keep up on the latest thought leadership, insights, how-to, and analysis on IT through Computerworld’s newsletters. ]

The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

To read this article in full, please click here

Galen Gruman

A fat Windows Update for September's Patch Tuesday

1 month 1 week ago

Microsoft has released 129 updates to its Windows ecosystem, but the good news  this month is that we are not responding to any zero-days or publicly reported vulnerabilities. Microsoft appears to be getting serious about removing Adobe Flash Player (a good thing) and we see a very broad update to Windows desktops and servers. Unusually, Microsoft’s browsers are not a huge focus this month, and both the Microsoft Office (excluding SharePoint) and development platform have received only a few, lower profile patches.

[ Related: Microsoft revamps Windows Insider release vernacular ]

We have included a helpful infographic, which this month looks a little lopsided as all of the attention should be on Windows components.

To read this article in full, please click here

Greg Lambert

Beaucoup bugs beset this month’s Windows patches

1 month 1 week ago

Someday, you’ll tell your grandkids about the halcyon days of July and August 2020, when Microsoft took pity on us poor patching souls and introduced few bugs in its stew of Patch Tuesday patches.

Now, it looks like we’re well on our way to another mess.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ]

Although it’s still too early to throw up your hands and peremptorily pass on the September crop, I assure you that there is no joy in Patchville.

To read this article in full, please click here

Woody Leonhard

Microsoft puts Application Guard for Office into public preview

1 month 2 weeks ago

Microsoft has launched a public preview of "Microsoft Defender Application Guard for Office," a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operation – something that existing documentation omitted when the public preview was launched late last month.

[ Related: 10 productivity-boosting apps for Microsoft Teams ]

"Microsoft Office will open files from potentially unsafe locations in Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container."

To read this article in full, please click here

Gregg Keizer

With Patch Tuesday here, get Windows Update locked down

1 month 2 weeks ago

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ]

It’s been like that for years. Don’t believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here

Woody Leonhard

With Patch Tuesday near, get Windows Update locked down

1 month 2 weeks ago

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ]

It’s been like that for years. Don’t believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here

Woody Leonhard

Yes, you can install the August Windows and Office patches now

1 month 2 weeks ago

It looks like we’re good to go with Microsoft's August Windows and Office patches. The second cumulative update for Windows 8.1, KB 4578013, throws some Virtual Private Networks out of kilter, and the Win7 patches may knock out your printers (for those of you paying for Win7 Extended Security Updates). But most of the other bugs appear to be squashed.

To read this article in full, please click here

Woody Leonhard

Apple strengthens commitment to human rights with new policy

1 month 2 weeks ago

Apple has once again responded to critics with the publication of a human rights policy it says commits the company to “freedom of information and expression.”

Freedom of expression

“At Apple, we are optimistic about technology’s awesome potential for good,” says CEO Tim Cook. “But we know that it won’t happen on its own. Every day, we work to infuse the devices we make with the humanity that makes us.”

However, the document also points out that Apple is required to obey the law.

To read this article in full, please click here

Jonny Evans

Microsoft Patch Alert: August 2020

1 month 3 weeks ago

With Windows 10 2004 gradually creeping (I use the term intentionally) onto more machines, faults and foibles are coming out of the woodwork. It looks like a fix for the long-lamented version 2004 defrag bugs is on the way, but we aren’t there yet. Lenovo isn’t too happy with the August version 2004 cumulative update. It’s still too early to move to 2004, in my opinion — and those problems ensure I’ll keep 2004 off my machines for a while.

Meanwhile, Microsoft extended the end of support date for Win10 version 1803 — a move that’ll interest exactly nobody except for admins with aging Win10 machines. Windows 8.1 patchers got left out in the Remote Access cold for a week. The .NET security updates have an odd, acknowledged bug with a manual registry workaround.

To read this article in full, please click here

Woody Leonhard

TikTok sues the Trump administration, responding to potential U.S. ban

1 month 3 weeks ago
TikTok, the popular short form video app, has filed a lawsuit against the U.S. government, calling the potential U.S. ban an extreme action. At first glance, this lawsuit may mirror another one filed by a different tech company, Huawei. While both Huawei and ByteDance, the owner of TikTok, are Chinese tech companies, the proposed U.S. bans of each of these companies are different. Juliet breaks down why TikTok may fare better in the face of a potential ban than Huawei. More on TikTok’s alleged security threats: https://youtu.be/LzeIOH2U8-8 Check out my latest video about the Huawei ban: https://youtu.be/bDXc7xeS5OE Sources-- https://www.nytimes.com/2020/08/24/technology/tiktok-sues-trump-administration.html https://newsroom.tiktok.com/en-us/tiktok-files-lawsuit Follow Juliet on Twitter: https://twitter.com/julietbeauchamp

Microsoft adds 6 months support to Windows 10 1803, again cites pandemic

1 month 4 weeks ago

Microsoft on Wednesday stretched support for a third version of Windows 10, again citing the coronavirus pandemic and its impact on business.

The Redmond, Wash. developer extended security support for Windows 10 Enterprise 1803 and Windows 10 Education 1803 by six months, to May 11, 2021. The original end-of-support date was to be Nov. 10.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ]

"We have heard your feedback and understand your need to focus on business continuity in the midst of the global pandemic," Chris Morrissey, who leads the communications team for Windows' servicing group, wrote in a post to a company blog. "As a result, we have decided to delay the scheduled end-of-service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1803."

To read this article in full, please click here

Gregg Keizer

Did Microsoft just solve a big business iPad problem

2 months ago
One of the most disappointing things about iOS devices as business devices, and one of the things that keeps the iPad from being a true computing solution, is that there is no support for multiple-user accounts. An unlikely ally is determined to solve the problem for Apple. A future version of Microsoft Authenticator will allow for a multi-user iPad experience.
Ryan Faas

Google to trial drastically truncated URLs in Chrome in anti-phishing move

2 months ago

Google will run a trial with Chrome 86, the browser set to release in October, that will hide much of a site's URL as a way to foil phishing attacks.

"We're ... going to experiment with how URLs are shown in the address bar on desktop platforms," Emily Stark, Eric Mill and Shweta Panditrao, all members of Chrome's security team, wrote in an Aug. 12 post to a company blog. "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they're visiting a malicious website, and protects them from phishing and social engineering attacks."

To read this article in full, please click here

Gregg Keizer

Xcode becomes vector for new Mac malware attack

2 months ago

Trend Micro has identified an insidious new form of Mac malware that is propagated by injecting itself into Xcode projects before they are compiled as apps.

So good they tried it twice

We’ve seen a similar attack before. The so-called "XCode Ghost" was a malware-infested version of Apple’s developer environment that was distributed outside of Apple’s channels. Apps built using the software were preinstalled with malware.

To read this article in full, please click here

Jonny Evans
Checked
45 minutes 11 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.