patch management

As Windows users, staying informed about security vulnerabilities is crucial to ensure the safety and integrity of our systems. Recently, a significant vulnerability identified as CVE-2024-38223 was published, indicating an elevation of privilege issue linked to the Windows Initial Machine...

On August 13, 2024, Microsoft published critical information regarding a newly identified security vulnerability, designated CVE-2024-38159. This vulnerability is related to Windows Network Virtualization and poses a risk of remote code execution (RCE). In this article, we will provide a...

Windows updates are often a point of contention for users, primarily due to the required restarts and the time they occupy. However, it appears that Microsoft is planning a significant change to how updates are applied, which could notably enhance the user experience on Windows 11. The Potential...

In the realm of Windows security, the continuous battle against vulnerabilities remains ever-present. Recently, steps have been released to mitigate vulnerabilities in Kerberos Signature Validation through the unveiling of KB5037754. This article delves into the essential information surrounding...

Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...

After update KB5005565, my shared printers quit working on the client computer. I uninstalled the update, then they worked again. Now, after the latest update KB5006670, they quit working with different symptoms. The client computer can't connect to them over the network. The Microsoft...

Continue reading...

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...

A few of us over at MSFN use Server 2012 security-only updates to patch Windows 8 until October 2023. However ..... As of July 2021, all of the new security only updates for Server 2012 (including KB5004294 and KB5004960) now will remove the Adobe Flash Component from Windows 8. I enjoy...

Continue reading...

Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...

Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...

Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...

Original release date: January 14, 2020 Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can...

Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...

After reading lots of articles I need still clarification about some basic facts: At first: There is a "normal" built-in Windows Updates service available in ALL Win10 versions. Beside this "basic" update mechanism there is a so called "WSUS" service. This is a separate (software) server which...

Original release date: June 17, 2019 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and...

From Windows 7 I know that all the updates are divided into two categories: - security-related or - optional=feature-only updates. I can setup Win7 so that only security updates are downloaded and applied. Is there a corresponding categorization in Windows 10? I prefer to download and apply...

Normally users perform the following procedure for Win10: download Win10 base package ISO directly install this Win10 base package ISO download the cumulative update apply this cumulative update onto the already installed base version I wonder whether there is a way to download an ISO WITH (!)...

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Link Removed. Continue reading...