Microsoft Office – Page 4 – PossibleThreat Articles

Credit to Author: Woody Leonhard| Date: Wed, 26 Feb 2020 09:44:00 -0800

The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it – leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month’s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn’t been officially acknowledged by Microsoft outside of a blog post. But at least it’s well known and understood.

Folks running SQL Server and Exchange Server networks need to get patched right away.

Win10 UEFI update KB 4524244 blockages

Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.

To read this article in full, please click here

ComputerWorld Independent

Microsoft Patch Alert: January 2020 patches look relatively benign

January 23, 2020 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Thu, 23 Jan 2020 07:17:00 -0800

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

To read this article in full, please click here

ComputerWorld Independent

Microsoft Patch Alert: December patches hang Win7 Pro endpoints and force Server 2012 reboots

January 6, 2020 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Mon, 06 Jan 2020 09:55:00 -0800

It was the kind of month admins dread: Mysterious problems on hundreds of machines, with no apparent cause or cure. Toss in the holidays, and we had a whole lot of Mr. and Ms. Grinches in the industry.

Fortunately, it looks like the problems have been sorted out at this point. Individual users had many fewer problems. Microsoft’s left and right hands still aren’t talking on the 1909 team, but what else is new…

Win7 hang on ‘Preparing to configure Windows’

Microsoft dropped a new Servicing Stack Update for Windows 7 on Dec. 10, and it gummed up the works for many. Here’s a good summary on Reddit from poster Djaesthetic:

To read this article in full, please click here

Security Sophos

A Lighter-than-normal Patch Tuesday for December, 2019

December 10, 2019 0 Comments acrobat, adobe reader, Edge, flash, hyperv, lync, Microsoft Office, skype, SophosLabs Uncut, sql server, VBscript, visual studio, Windows, windows server

Credit to Author: alexandrebecholey| Date: Wed, 11 Dec 2019 00:36:22 +0000

There may be a smaller overall tally of things to fix this month than in recent update cycles, but at least one bug is being exploited in the wild<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gu6tev4DC1Q” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

Microsoft Patch Alert: November patches behave themselves – with a few exceptions

December 3, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).

To read this article in full, please click here

Security Sophos

Office for Mac 2011 users warned about SYLK file format

November 5, 2019 0 Comments Apple, cert/cc, mac, Microsoft, Microsoft Office, Operating Systems, security threats, sylk, Technologies, vulnerability, Windows, xml macro

Credit to Author: John E Dunn| Date: Tue, 05 Nov 2019 17:14:21 +0000

Still running Office 2011 on a Mac? If so, there are at least two reasons why that might not be a good idea.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/HjBh551ovHI” height=”1″ width=”1″ alt=””/>

ComputerWorld Independent

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

October 29, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Tue, 29 Oct 2019 12:18:00 -0700

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

To read this article in full, please click here

MalwareBytes Security

A week in security (September 30 – October 6)

October 7, 2019 0 Comments A week in security, Adwind RAT, APT, cobalt, consumer behavior study, daas, disinformation-as-a-service, domestic violence awareness month, ghostcat-3pc, google alert, Hyas, insikt group, magecart group 4, Microsoft Office, Microsoft Word, national cyber security centre, national cybersecurity awareness month, ncsam, ncsc, odt, opendocument text, Ransomware, robocall, scams in ads, security orchestration, security research labs, simjacking, sms-based attacks, srlabs, Stalkerware, the media trust, vpn vulnerabilities

Credit to Author: Malwarebytes Labs| Date: Mon, 07 Oct 2019 15:43:53 +0000

A roundup of the latest cybersecurity news for the week of September 30 – October 6, including National Cybersecurity Awareness Month, Magecart, and more.

Categories:

A week in security

Tags: Adwind RAT APT Cobalt consumer behavior study DaaS disinformation-as-a-service domestic violence awareness month GhostCat-3PC Google Alert HYAS Insikt Group Magecart Group 4 Microsoft Office microsoft word National Cyber Security Centre national cybersecurity awareness month NCSAM NCSC ODT OpenDocument Text ransomware robocall scams in ads security orchestration Security Research Labs simjacking SMS-based attacks SRLabs stalkerware The Media Trust VPN vulnerabilities

(Read more…)

The post A week in security (September 30 – October 6) appeared first on Malwarebytes Labs.

ComputerWorld Independent

Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming

September 30, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Mon, 30 Sep 2019 10:16:00 -0700

So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.

The fickle finger of zero-day fate

Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:

To read this article in full, please click here

ComputerWorld Independent

Microsoft Patch Alert: Full of sound and fury, signifying nothing

August 30, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

To read this article in full, please click here