PossibleThreat Articles

Articles for the experts…

Microsoft

ComputerWorld Independent 

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

0 Comments , , , ,

Credit to Author: Woody Leonhard| Date: Mon, 01 Jul 2019 04:36:00 -0700

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft beefs up OneDrive security

0 Comments , , ,

Credit to Author: Gregg Keizer| Date: Wed, 26 Jun 2019 11:49:00 -0700

Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.

The new feature – dubbed OneDrive Personal Vault – was trumpeted as a special protected partition of OneDrive where users could lock their “most sensitive and important files.” They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user’s smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)

To read this article in full, please click here

Read more
ComputerWorld Independent 

The case against knee-jerk installation of Windows patches

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Mon, 17 Jun 2019 03:10:00 -0700

Heresy. Yes, I know. Any way you slice it, from my point of view anyway, Windows Automatic Update is for chumps.

Just like the “users must be forced to change their passwords frequently” argument that’s no longer au courant, the “users must get patched immediately” argument is based on old, faulty, and totally unsubstantiated claims that make security people feel better — and little else.

With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security “experts” huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.

To read this article in full, please click here

Read more