This month's Patch Tuesday is almost shockingly small with just one "critical" flaw. The flaw is yet another remote code execution (RCE) hole. This time the lure is a Rich Text file that, if opened or just viewed, can give the hacker your user privileges. The good news is it hasn't been exploited yet -- so if you haven't installed the patch you still have time. Experts, however, believe there are those that are working on attacks as we speak, so don't dilly dally too long.
There were also six important bulletins, including more RCE flaws, an elevation of privilege issue, a cross scripting flaw and a denial-of-service problem.
How does Microsoft's very public patching approach compare to other vendors? Answers welcome at [email protected]
Posted by Doug Barney on 10/10/2012 at 1:19 PM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the release of a publicly available and free post-incident hunting tool for organizations using Microsoft Azure, Azure Active Directory and Microsoft 365 applications.
Microsoft this week reminded organizations using Microsoft Teams Rooms devices of a coming July 1 deadline to get their licenses compliant with its relatively new Basic and Pro plans.
Simplified labeling and documentation are key to avoiding a management mess.
Microsoft this week announced a preview of custom claims providers for Azure Active Directory users.
Microsoft this week announced plans to shift the schedule for when it releases its optional nonsecurity patch previews for Windows systems.
More Tech Library