Security News

Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up. With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about today's Adobe Flash Player update.

Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up. With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about today's Adobe Flash Player update.

Review: Practical Vulnerability Management: A Strategic Approach to Managing Cyber RiskAndrew Magnusson started his information security career 20 years ago and he decided to offer the knowledge he accumulated through this book, to help the reader eliminate security weaknesses and threats within their system. AWS adds new S3 security and access control featuresAmazon Web Services has made available three new S3 security and access control features.

Microsoft has also issued updated guidance since the August Patch Tuesday release to clarify the steps needed to secure systems with this vulnerability. October 2020 Patch Tuesday forecast Microsoft continues to address record numbers of vulnerabilities each month.

Cisco Systems released a barrage of patches, Thursday, aimed at fixing bugs in the networking giant's ubiquitous IOS operating system. Twenty-nine of the Cisco bugs are rated high severity, with 13 rated medium in severity.

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server. We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."

Microsoft has updated its Security Update Guide, which is used by tens of millions of cybersecurity professionals the second Tuesday of every month, also known as Patch Tuesday. The update is "To help protect our customers regardless of what Microsoft products or services they use in their environment," according to a Microsoft Security Response Center blog post on Tuesday.

With only hours until the deadline for the directive, issued on Friday, to be executed, what is at stake is a "Vulnerability [that] poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," according to the Cybersecurity and Infrastructure Security Agency. Microsoft released a patch for the vulnerability as part of its August 11, 2020 Patch Tuesday security updates.

The Department of Homeland Security has given system administrators until today to patch a critical vulnerability in Windows Server that could allow an attacker to hijack federal networks, via a flaw in the Netlogon authentication system. On 18 September, the DHS's cybersecurity division issued an emergency directive giving government agencies a four-day deadline to patch the CVE-2020-1472 vulnerability, also known as Zerologon, citing the "Unacceptable risk" it posed federal networks.

The Department of Homeland Security on Friday issued an Emergency Directive that requires federal agencies to install fixes for a Netlogon elevation of privilege vulnerability for which Microsoft released patches in August 2020. In its Emergency Directive 20-04, the DHS's Cybersecurity and Infrastructure Security Agency warns all federal agencies that applying Microsoft's patches is the only available mitigation for this critical vulnerability, aside from removing affected domain controllers from the environment.