Microsoft Security Releases
Microsoft Patch Tuesday: 66 Fixes
April’s Patch Tuesday includes 66 bulletins, significantly more than March’s. Included is CVE-2018-1034 for SharePoint. Full details are available from Microsoft.
Microsoft releases Security Update for Malware Protection Engine
Microsoft has released a security update through Windows Update that fixes CVE-2018-0986, a vulnerability in the Microsoft Malware Protection Engine used in Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, and Microsoft Forefront Endpoint Protection. Users should install the latest updates to install the fixes.
Windows 10 AMSI Vulnerability
Security researcher Satoshi Tanda has discovered that a bug in AMSI truncates files after a null character. The Antimalware Scan Interface (AMSI) is a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. It provides enhanced malware protection for users and their data, applications, and workloads.
Source: satoshi’s note
Windows Patches available for Meltdown and Spectre vulnerabilities.
On Jan 3 Microsoft released updates addressing these vulnerabilities for the following operating systems with more to come:
Windows Server 2008 R2
Windows Server 2012 R2
Windows Server 2016
Windows Server Core
We are not recommending you install these during business hours or without Technical assistance as there are reports of systems failing to boot patch as of today
Microsoft Releases 12 Security Updates
Microsoft released 12 bulletins, six of which were rated critical, including one for Internet Explorer and one for the Edge browser.
Windows users should ensure the critical updates are installed ASAP.
KRACK Wireless Security Vulnerability
A vulnerability in the WPA2 wireless protocol called Krack potentially allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.
To protect yourself, many Wi-Fi product vendors will be releasing updated firmware and drivers for their products. It is strongly recommended that users update their hardware or have it updated as soon as a update is available in order to protect themselves. This includes router firmware and wireless network card drivers.
Microsoft October Patch Tuesday Fixes 62 Issues
The October 2017 Patch released this past Tuesday, addresses important security issues including a Word zero-day vulnerability. Users who are not on auto updates should install them immediately.
Adobe Product Updates
Adobe just released its monthly security updates and this month the company patched vulnerabilities in three products — Adobe Flash Player, Adobe ColdFusion, and Adobe RoboHelp. Adobe patched eight security bugs ; two in Flash Player, four in ColdFusion, and two in RoboHelp.
Security Update for Windows Defender Released
Microsoft has released an out of out of band security update for Windows Defender found on Windows 7, 10 and Server 2008. If you are running a third Party Anti Virus solution your version of Windows Defender will be disabled. If not you should run Windows Update to ensure you apply the update ASAP.