Security News

The updates were pulled, and we are waiting to see if Microsoft re-releases a more comprehensive fix this patch Tuesday. The advisory specifically stated, "The March 10, 2020 and updates in the foreseeable future will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers." These features will be included in the March Patch Tuesday updates, so take advantage and enable them.

The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as 'critical' and 87 'important'. The first indication of the IE zero-day, now identified as CVE-2020-0674, appeared when Mozilla fixed a very similar issue in Firefox on 8 January, less than two days after the appearance of version 72.

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer that is actively being exploited. A dozen of the vulnerabilities Microsoft patched today are rated "Critical," meaning malware or miscreants could exploit them remotely to gain complete control over an affected system with little to no help from the user.

To mark the occasion, Microsoft has released fixes for 99 vulnerabilities - 12 critical, one of which is being exploited in the wild - and Adobe 42, most of which are critical and none actively exploited. Microsoft fixed nearly 100 vulnerabilities this Tuesday, interspersed through a number of products: Windows, Edge, IE, SQL Server, Exchange Server, Office, and more.

Wuhan coronavirus exploited to deliver malware, phishing, hoaxesThe Wuhan coronavirus continues to spread and create anxiety across the globe, allowing malicious individuals and groups to exploit the situation to spread fake news, malware and phishing emails. USB armory Mk II: A secure computer on a USB stick featuring open source hardware designThe hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure.

Originally planned for Q4 2019, Microsoft has pushed the first part of this update out to March 2020. As explained in the advisory, the "Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing."

Oracle has released a sweeping set of security patches across the breadth of its software line. The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant.

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency.

As forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the "Star of the show" is CVE-2020-0601, a Windows flaw flagged by the NSA that could allow attackers to successfully spoof code-signing certificates and use them to sign malicious code or intercept and modify encrypted communications. The flaw only affects newer versions of Windows and Windows Server, and is found in the Windows CryptoAPI, which validates Elliptic Curve Cryptography certificates.

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.