A zero-day and testing of key printing features will drive August Windows updates

2 months 1 week ago

Though a DNS spoofing vulnerability in Windows (CVE-2020-1464) has been rated as a zero-day due to reports of exploitation in the wild, the focus for this month’s updates should be on testing key Windows features prior to deployment. Primarily, printing and back-up scenarios will require your attention. You will also need to work with multiple and potentially overlapping updates to Windows and the .NET development platform and, in some cases, Windows Store updates to your application portfolio.

Given the number and nature of changes we have seen in the update testing cycle during the past month, we advise a “Patch Now” approach to Windows 10, but with an extended test cycle on printing and more attention to the Windows 8.x platforms.

Greg Lambert

Managing Windows 7 security risks

2 months 1 week ago

We’ve heard security experts warn that remote employees working on personal devices running old operating systems, like Windows 7, pose a huge security risk to enterprises. With some work from home regulations extending into 2021, IT teams will continue to manage employee devices and mitigate security risks remotely. Computerworld contributing editor and Windows expert Preston Gralla joins Juliet to discuss why Windows 7 is a security risk and what IT teams can do to manage that risk as employees continue to work off of unsecure personal and company devices.

Slack talks up security with new encryption options, FedRAMP certification

2 months 1 week ago

As Slack works to entice large organizations to deploy its channel-based collaboration app, the company is touting a variety of security upgrades, including an expanded enterprise key management (EKM) system and stronger compliance capabilities.

Among the updates announced Tuesday is the extension of EKM to give admins greater flexibility over the encryption of message data. Slack’s EKM, introduced in 2018 for Enterprise Grid customers, can now cover data sent by users accessing the Workflow Builder automation tool. The company also plans to expand EKM to messages sent in Slack Connect - the company’s recently announced platform for multi-company conversations - when it launches later this year.

Matthew Finnegan

It's Patch Tuesday time. Make sure to have auto updates paused.

2 months 1 week ago

If you want to join the ranks of the unpaid beta testers, please go right ahead. Don’t do anything and Patch Tuesday will find you. Make sure you tell us about any problems on AskWoody.com.

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right away; the patches bring bugs; the screams of imminent doom disappear as folks realize it takes a while – sometimes quite a while – for the security holes to turn into real, live exploits.

Woody Leonhard

Firefox gets next-gen anti-tracking defense, stymies 'bounce' trackers

2 months 2 weeks ago

Mozilla today announced a new defense against advanced tracking tactics that it will be switching on in Firefox 79 starting immediately and pushing out to the remaining user base during the next few weeks.

Calling the improved technologies and techniques Enhanced Tracking Protection 2.0, Mozilla said that ETP 2.0's primary job is to block redirect tracking, also known as bounce tracking.

Trackers have been exploiting a loophole of sorts to continue following users browsing with Firefox, which enabled its first-generation ETP by default in June 2019. ETP takes a hands-off approach for first-party cookies – those tied to the site being browsed – because to do otherwise would break many of those websites or require users to, say, log in each time they returned.

Gregg Keizer

Despite an unexpected monkey wrench, now is the time to install the July Windows and Office patches

2 months 3 weeks ago

The folks at Microsoft have pretty much exterminated the bugs they introduced in July’s patches. The Outlook-killing bug got fixed by an emergency update to Microsoft’s own servers. The Win7 .NET patch was fixed and re-released nine days after paying Win7 Extended Security customers started bellyaching.  

Woody Leonhard

Microsoft Patch Alert: July 2020

2 months 3 weeks ago

July tends to be a leisurely month in Windows and Office patch land, and this one’s no exception.

We had a bit of a thrill July 15 when Outlook stopped working on millions of PCs all over the world, but Microsoft fixed the bug four hours later by updating its servers.

Folks who pay for Windows 7 Extended Security Updates felt rightfully miffed when the new .NET Framework 4.8 patch, KB 4565636, refused to install. Microsoft took nine days to fix the bug and re-ship the patch.

Woody Leonhard

Windows Update is a bifurcated mess

2 months 4 weeks ago

This week’s “Preview” patches led to some bizarre, unexplained, and self-contradictory behavior. Here’s what we’ve been able to piece together, based on what actually happened – not on what Microsoft says is supposed to happen.

Two general sets of “Preview” patches arrived on Tuesday:

  • Optional, non-security, C/D Week Cumulative Updates for Win10 versions 1809, 1903, 1909, and various Servers, but not Win10 version 2004. Microsoft stopped distributing the C/D Week patches in March because of the “public health situation,” but started pushing them again this week.
  • July 21, 2020 Cumulative Update Previews for .NET Framework 3.5 and 4.8 on various versions of Win10. These are optional, non-security Preview patches released later in the month. Microsoft pushes Previews for .NET patches on Win10 infrequently; this year we’ve only seen two, one of them in January, the other in February.

They’re Previews, which means the fixes on offer are still in testing. Normal users shouldn’t go anywhere near them. 

Woody Leonhard

At Microsoft Inspire, the new Edge browser took center stage

2 months 4 weeks ago

Disclosure:  Microsoft is a client of the author.

In the new Microsoft, Azure has – to a certain extent – taken over the center stage from the company's Windows Server platform, and the new Chromium Edge Browser has taken center stage from Windows. The ongoing COVID-19 pandemic has accelerated this result as the market rapidly turns from focusing on local hardware to using the Cloud as its primary place to do computing. 

As a result, each new browser update now feels a bit like what the old Windows refresh cycles used to feel like – but without the old compatibility drama. 

Microsoft Inspire took place this week, so let’s talk about the browser's new features, mostly focused on business users (now mostly working from home) that look compelling. 

Rob Enderle

How to securely erase your Android device in 4 steps

2 months 4 weeks ago

It's an inevitable moment in the smartphone-owning cycle, the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn't resist the lure of whatever sexy new Android device your favorite manufacturer started selling.

Whatever the case, it's common nowadays to find yourself with an extra phone. And while there are plenty of practical uses for an old Android device, there's also a time when the best choice is to sell, donate, or otherwise pass it along.

JR Raphael

Microsoft releases some 'optional, non-security, C/D Week' Win10 patches. Avoid them.

3 months ago

I’ve always detested Microsoft’s “optional, non-security, C/D Week” patches because they’re confusing, easy to install accidentally, rarely solve any pressing problems, and potentially introduce yet more bugs. 

Guess what? They’re back. 

As promised last month, Microsoft has started pushing them out again.

Woody Leonhard

Now let’s guess what fish’s new password is

3 months ago

It’s COVID-19 days, and everyone at this tech company is practicing social distancing by working from home. All is fine for weeks for this pilot fish, but then his password expires.

An expired password cannot be replaced remotely, so he’s going to have to go in to the office. Fish’s boss says that the building is open, and once fish arrives, he finds it deserted and, he realizes, safer than the supermarket — no one has been inside there for weeks.

After he replaces his password, fish has an inspiration: He stops by the bathroom to grab some industrial-grade toilet paper, a product absent from store shelves for weeks.

Sharky

How to get one of iOS's best new privacy features on Android

3 months ago

Apple's latest iOS update may have taken plenty of inspiration from Android — to put it mildly — but iPhone owners will soon enjoy one important feature that isn't anywhere to be found here in the land o' Googley devices. And it's connected to a subject that's increasingly near and dear to many of our hearts: privacy.

The iOS 14 beta includes a new system that shows a visual alert anytime an app is using a device's microphone or camera, even in the background. It's a smart bit of added privacy protection, especially since traditionally — on iOS as well as on Android — once you've granted an app access to those parts of your phone, the app is technically able to tap into 'em anytime, with or without notifying you that it's doing it.

JR Raphael

Mozilla launches its first revenue-generating service, VPN for Firefox

3 months ago

Mozilla last week launched its virtual private network (VPN) in the U.S., Canada, the U.K. and three other countries, part of its strategy to expand revenue opportunities for its Firefox browser.

Dubbed Mozilla VPN, the service costs $4.99 per month and is available for devices running Windows and Android. Besides the U.S., Canada and the U.K., Mozilla VPN is also available in Singapore, Malaysia and New Zealand. The service will be offered on macOS and Linux devices "soon," while the iOS version is currently in beta, Mozilla said. For the monthly fee, users can access the VPN from up to five devices.

Mozilla kicked off a VPN preview – then tagged Firefox Private Network – nearly a year ago that relied on a browser extension and was free to users within the U.S. The Firefox Private Network was seen as the first of the paid services Mozilla would eventually introduce – another might be online storage – in an attempt to create new revenue streams to augment what the organization is paid to make specific search engines the Firefox default.

Gregg Keizer

Advisories and mitigations, oh my! Critical updates for Windows this July

3 months ago

This month's Patch Tuesday update from Microsoft attempts to address 123 unique security vulnerabilities including an urgent issue with Microsoft Outlook (CVE-2020-1349) and a very serious vulnerability in Windows (CVE-2020-1350). The big difference this month is that a “Patch Now” (as in right now-now) effort may not be enough. With average update cycles measured in weeks for most organizations, rapid mitigation strategies are required. Microsoft has offered registry-based fixes, some suggested code-based fixes, and a request to simply stop using certain features.

Greg Lambert

It's Patch Tuesday; make sure you pause Windows Updates

3 months 1 week ago

Yes, with Windows you have to get patched sooner or later. No, you don’t have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we’re admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

Woody Leonhard

Most bugs in Microsoft's June patches have been fixed; go ahead and patch

3 months 2 weeks ago

The most obvious problem with June patches was a conflict between Microsoft’s latest version of Windows and Microsoft’s latest version of Office (er, Microsoft 365) Click-to-Run: If you installed patches as soon as they came out, Outlook wouldn’t run. That bug got cleared up when Microsoft fixed Office a week later, even though Windows was to blame.

We also saw a bunch of belated patches for printers that didn’t work after installing the June Windows updates.

Woody Leonhard
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.