
Showing results for tags 'security updates'.

Found 19 results

  1. Microsoft has now made it possible to receive notifications about new security updates through a new RSS feed for the Security Update Guide.

     When Microsoft fixes a security vulnerability in one of its products, they disclose details in the Security Update Guide (SUG). Typically, Microsoft discloses new vulnerabilities twice a month, the bulk being the monthly Patch Tuesday and when Microsoft fixes vulnerabilities in Microsoft Edge.

     However, if a new vulnerability is publicly disclosed before Microsoft can fix it and Microsoft believes it is important for customers to be aware, they will add new entries to SUG when releasing out-of-band advisories. For example, last month, Microsoft added two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082 to the SUG. While these bugs have not received any security updates yet, Microsoft did release mitigations that can help protect Internet-exposed servers, illustrating the need to stay aware of new security issues.

     While email notifications for additions to the Security Update Guide are available, they require a user to create a Microsoft account to receive them and are not sent immediately. Due to this, many customers have requested Microsoft add an RSS feed to the Security Update Guide so they can get immediate notifications when a new CVE is added.

     "With regards to the RSS feed, we have received feedback from some of our customers that an RSS feed on the Security Update Guide (SUG) would be greatly appreciated," Microsoft said in today's announcement. "A few customers have even asked for it to be the default form of communication. We heard your feedback, and you can now obtain SUG updates by pasting the URL of the RSS feed in any RSS reader."

     The URL for the new RSS feed is now live at https://api.msrc.microsoft.com/update-guide/rss and is also shared in the SUG using an RSS icon, as shown below.

     (Image: New RSS icon in the Security Update Guide)

     To use the new RSS feed feature, you need to install an RSS Feed reader, whether a desktop application, mobile app, or browser extension. Once you subscribe to the feed, you will automatically receive notifications when Microsoft adds a new CVE to the Security Update Guide, helping keep you aware of the latest security risks.

     Microsoft adds new RSS feed for security update notifications
  2. Google has released a security update for its Chrome desktop and Android browsers. The update brings the stable channel version of Chrome to 103.0.5060.134 on the desktop, and to 103.0.5060.129 on Android.

     The security update is already available. Most Chrome browsers will receive the update automatically, thanks to the built-in automatic updating functionality. Chrome users may speed up the installation of the security update on desktop versions of Chrome by loading chrome://settings/help in the browser's address bar. The current version is displayed on the page and Chrome runs a check for updates to find out if a new version is available. If not installed already, Chrome will download and install the security update. A restart is required to complete the upgrade. The Android version of Chrome does not support such an option, as updates are distributed exclusively via Google Play.

     Google Chrome 103 security fixes

     Google published an article on the Chrome Releases Blog to inform Chrome users and administrators about the update. The blog post confirms that 11 different security issues are patched in the new Chrome release. Six of these, all reported by third-party researchers, are mentioned specifically on the blog. Google does not list security issues that it found internally on the blog.

     The maximum severity rating of all 11 security issues is high, the second highest after critical. Here is the full list as reported by Google:

     • [$16000][1336266] High CVE-2022-2477 : Use after free in Guest View. Reported by anonymous on 2022-06-14
     • [$7500][1335861] High CVE-2022-2478 : Use after free in PDF. Reported by triplepwns on 2022-06-13
     • [$3000][1329987] High CVE-2022-2479 : Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28
     • [$NA][1339844] High CVE-2022-2480 : Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27
     • [$TBD][1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04
     • [$7000][1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21

     Google makes no mention of attacks in the wild. It is still recommended to update Chrome to the latest version as soon as possible. Google released the first Chrome 103 release earlier this month; this update included a fix for a 0-day vulnerability that was exploited in the wild.

     Now You: do you use Google Chrome?

     Google Chrome 103 update fixes 11 security issues

     Frontpaged: Google Chrome 103.0.5060.134
  3. Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest.

     If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird. The zero-days have been fixed in Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3, and Thunderbird 91.9.1.

     Manfred Paul (@_manfp) earned $100,000 and 10 Master of Pwn points after demoing prototype pollution and improper input validation bugs on the first day of Pwn2Own.

     The first vulnerability is a prototype pollution in Top-Level Await implementation (tracked as CVE-2022-1802) that can let an attacker corrupt the methods of an Array object in JavaScript using prototype pollution to achieve JavaScript code execution in a privileged context.

     The second one (CVE-2022-1529) allows attackers to abuse Java object indexing improper input validation in prototype pollution injection attacks. "An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process," Mozilla explained.

     The Cybersecurity and Infrastructure Security Agency (CISA) also encouraged admins and users on Monday to patch these security flaws, given that threat actors could exploit them to "take control of an affected system."

     Mozilla patched these vulnerabilities two days after they were exploited and reported at the Pwn2Own hacking contest by Manfred Paul. However, vendors don't usually hurry to release patches after Pwn2Own since they have 90 days to push security fixes until Trend Micro's Zero Day Initiative publicly discloses them.

     Pwn2Own 2022 Vancouver ended on May 20 after 17 competitors earned $1,155,000 for zero-day exploits and exploit chains demonstrated over three days after 21 attempts. Security researchers also earned $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed between April 19 and April 21 during the 2022 Pwn2Own Miami contest.

     Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own
  4. Microsoft has released security updates and non-security updates for client and server versions of its Windows operating system and other company products, including Microsoft Office, on the April 12, 2022 Patch Tuesday.

     The updates are already available via Windows Updates, other update management products and services, and as direct downloads. Our overview assists home users and system administrators in understanding the updates and getting the information they need to update products that they use.

     The guide includes direct download links, links to support websites, information about critical updates, known issues, and other bits that are important when it comes to updating. You can check out the March 2022 Microsoft update guide here.

     Microsoft Windows Security Updates: March 2022

     The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link: microsoft-windows-security-updates-april-2022

     Executive Summary

     • All supported client and server versions of Windows are affected by at least 4 critical security issues.
     • Windows clients with known issues: Windows 7, Windows 8.1, Windows 10 version 1607, 1809, 1909, 20H2, 21H1, 21H2, and Windows 11
     • Windows server versions with known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, and 2022
     • Other Microsoft products with security updates: .NET Framework, Azure SDK, Active Directory Domain Services, Azure Site Recovery, Microsoft Edge, LDAP, Visual Studio, Microsoft Office, and others.
     • Windows 10 version 20H2 Pro and Home are reaching end of servicing next month.

     Operating System Distribution

     Windows 7 (extended support only): 41 vulnerabilities: 4 critical and 37 important
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows 8.1: 51 vulnerabilities: 7 critical and 44 important
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows 10 version 1909: 68 vulnerabilities: 8 critical and 60 important
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-24537
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows 10 version 20H2, 21H1 and 21H2: 72 vulnerabilities, 9 critical and 63 important
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-24537
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-23257
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497

     Windows 11: 69 vulnerabilities, 9 critical and 60 important
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-24537
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-23257
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497

     Windows Server products

     Windows Server 2008 R2 (extended support only): 51 vulnerabilities: 4 critical and 47 important
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows Server 2012 R2: 66 vulnerabilities: 5 critical and 22 important
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows Server 2016: 86 vulnerabilities: 8 critical and 78 important
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-24537
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows Server 2019: 93 vulnerabilities: 0 critical and 28 important
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-24537
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919

     Windows Server 2022: 98 vulnerabilities: 0 critical and 28 important
     • Windows LDAP Remote Code Execution Vulnerability -- CVE-2022-26919
     • Remote Procedure Call Runtime Remote Code Execution Vulnerability -- CVE-2022-26809
     • Windows Server Service Remote Code Execution Vulnerability -- CVE-2022-24541
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24491
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-24537
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-23257
     • Windows Hyper-V Remote Code Execution Vulnerability -- CVE-2022-22008
     • Windows SMB Remote Code Execution Vulnerability -- CVE-2022-24500
     • Windows Network File System Remote Code Execution Vulnerability -- CVE-2022-24497

     Windows Security Updates

     Windows 7 SP1 and Windows Server 2008 R2
     • Monthly Rollup: KB5012626
     • Security-Only: KB5012649

     Updates and improvements:
     • Fixed a Windows Media Center issue that had users configure the application on each start.
     • Fixed a memory leak that was introduced in the November 2021 cumulative update. It caused a decrease in performance on domain controllers.
     • Fixed an issue that could cause Event ID 37 to be logged during password change scenarios.
     • Fixed an Access Denied error when writing a service principal name alias and Host/Name already exists on another object.
     • Fixed a domain joins failing issue in environments that use DNS hostnames.
     • Fixed an issue that prevented the changing of expired passwords when signing in.

     Windows 8.1 and Windows Server 2012 R2
     • Monthly Rollup: KB5012670
     • Security-only: KB5012639

     Updates and improvements:
     • Fixed a Windows Media Center issue that had users configure the application on each start.
     • Fixed a memory leak that was introduced in the November 2021 cumulative update. It caused a decrease in performance on domain controllers.
     • Fixed an issue that could cause Event ID 37 to be logged during password change scenarios.
     • Fixed a domain joins failing issue in environments that use DNS hostnames.
     • Fixed an issue that made Windows go into BitLocker Recovery after servicing updates. (monthly-rollup only).
     • Fixed an issue that prevented the changing of expired passwords when signing in. (monthly-rollup only).
     • Fixed an issue that caused a Denial of Service vulnerability on Cluster Shared Volumes. (monthly-rollup only).

     Windows 10 version 20H2, 21H1 and 21H2
     • Support Page: KB5012599
     • Fixed an issue that caused a Denial of Service vulnerability on Cluster Shared Volumes. (monthly-rollup only).
     • Plus, everything that was mentioned in the preview update here.

     Windows 11
     • Support Page: KB5012592

     Updates and improvements:
     • Fixes are listed on the preview update's release page here.

     Other security updates

     • 2022-04 Security Only Quality Update for Windows Server 2008 (KB5012632)
     • 2022-04 Security Monthly Quality Rollup for Windows Server 2008 (KB5012658)
     • 2022-04 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5012650)
     • 2022-04 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5012666)
     • 2022-04 Cumulative Update for Windows 10 Version 1909 (KB5012591)
     • 2022-04 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5012596)
     • 2022-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5012604)
     • 2022-04 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5012647)
     • 2022-04 Cumulative Update for Windows 10 (KB5012653)

     .NET Framework

     • 2022-04 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012122)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5012124)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012129)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5012130)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5012131)
     • 2022-04 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012136)
     • 2022-04 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 (KB5012137)
     • 2022-04 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5012138)
     • 2022-04 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 (KB5012139)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012140)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5012141)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 (KB5012142)
     • 2022-04 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012143)
     • 2022-04 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5012144)
     • 2022-04 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5012145)
     • 2022-04 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012146)
     • 2022-04 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5012147)
     • 2022-04 Security Only Update for .NET Framework 4.6 and 4.6.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5012148)
     • 2022-04 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012149)
     • 2022-04 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 (KB5012150)
     • 2022-04 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5012151)
     • 2022-04 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 (KB5012152)
     • 2022-04 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012153)
     • 2022-04 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5012154)
     • 2022-04 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 (KB5012155)
     • 2022-04 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5012324)
     • 2022-04 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012325)
     • 2022-04 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5012326)
     • 2022-04 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5012327)
     • 2022-04 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5012329)
     • 2022-04 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5012330)
     • 2022-04 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5012331)
     • 2022-04 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 (KB5012332)
     • 2022-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1, Windows Server, version 20H2, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5012117)
     • 2022-04 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5012118)
     • 2022-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5012119)
     • 2022-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 (KB5012120)
     • 2022-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5012121)
     • 2022-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for ARM64 (KB5012123)
     • 2022-04 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5012128)
     • 2022-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5012328)
     • 2022-04 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5012125)

     Servicing Stack Updates

     • 2022-04 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5012672)
     • 2022-04 Servicing Stack Update for Windows 10 (KB5013269)
     • 2022-04 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5013270)

     Known Issues

     Windows 7 SP1 and Windows Server 2008 R2
     • (Old) Updates may show as failed and may be uninstalled because the machine is not on ESU. Expected behavior.
     • (Old) Certain operations such as rename may fail on Cluster Shared Volumes. Perform the operation from a process with administrator privileges. Perform the operation from a node that does not have CSV ownership.

     Windows 8.1 and Windows Server 2012 R2
     • (Old) Certain operations such as rename may fail on Cluster Shared Volumes. Perform the operation from a process with administrator privileges. Perform the operation from a node that does not have CSV ownership.
     • (Old) Issues with apps using the "Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information". These may fail, close, or may throw error messages such as access violation (0xc0000005). Install out-of-band updates for the .NET Framework version that the app in question uses. Microsoft has links to these on the support page.

     Windows 10 versions 20H2, 21H1 and 21H2
     • (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed. Workaround described on the support page.
     • (Old) Some devices can't install updates after installation of KB5003690 (June 21, 2021). Error PSFX_E_MATCHING_BINARY_MISSING is displayed. Workaround instructions are available here.
     • (Old) Connections may fail to authenticate when using smart card authentication in Remote Desktop Connections. Resolved according to Microsoft, should not be experienced anymore.
     • (NEW) After installing the January 11, 2022 updates or later updates, recovery discs on CD or DVD created using the Backup and Restore tool (Windows 7) may be unable to start. Recovery discs created earlier are not affected. Microsoft is working on a resolution.

     Windows 11
     • (NEW) After installing the January 11, 2022 updates or later updates, recovery discs on CD or DVD created using the Backup and Restore tool (Windows 7) may be unable to start. Recovery discs created earlier are not affected. Microsoft is working on a resolution.

     Security advisories and updates

     • ADV 990001 -- Latest Servicing Stack Updates

     Non-security updates

     Microsoft Office Updates

     You find Office update information here.

     How to download and install the April 2022 security updates

     Critical updates are downloaded and installed automatically on most Home Windows devices. On other systems, administrators may need to download and install updates manually, or allow updates to be installed after reviewing them carefully.

     Home users may use the following method to check for updates manually (and speed up the installation of updates in the process):
     • Select Start, type Windows Update and load the Windows Update item that is displayed.
     • Select check for updates to run a manual check for updates.

     Direct update downloads

     Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

     Windows 7 and Server 2008 R2
     • KB5012626 -- 2022-04 Security Monthly Quality Rollup for Windows 7
     • KB5012649 -- 2022-04 Security Only Quality Update for Windows 7

     Windows 8.1 and Windows Server 2012 R2
     • KB5012670 -- 2022-04 Security Monthly Quality Rollup for Windows 8.1
     • KB5012639 -- 2022-04 Security Only Quality Update for Windows 8.1

     Windows 10 (version 20H2)
     • KB5012599 -- 2022-04 Cumulative Update for Windows 10 Version 20H2

     Windows 10 (version 21H1)
     • KB5012599 -- 2022-04 Cumulative Update for Windows 10 Version 21H1

     Windows 10 (version 21H2)
     • KB5012599 -- 2022-04 Cumulative Update for Windows 10 Version 21H2

     Windows 11
     • KB5012592 -- 2022-04 Cumulative Update for Windows 11

     Additional resources

     • April 2022 Security Updates release notes
     • List of software updates for Microsoft products
     • List of the latest Windows Updates and Services Packs
     • Security Updates Guide
     • Microsoft Update Catalog site
     • Our in-depth Windows update guide
     • How to install optional updates on Windows 10
     • Windows 11 Update History
     • Windows 10 Update History
     • Windows 8.1 Update History
     • Windows 7 Update History

     Microsoft Windows Security Updates April 2022 overview
  5. Over one billion Android devices at risk as they no longer receive security updates

     More than one billion Android devices are at risk of being hacked or infected by malware, because they are no longer supported by security updates and built-in protection.

     That’s the conclusion of an investigation by Which?, which found that at-risk smartphones are still being sold by third-parties via sites like Amazon, despite the range of malware and other threats to which they are vulnerable.

     The report cites data that Google collected itself in May 2019, which discovered that 42.1% of active Android users worldwide were running version 6.0 (known as Marshmallow) of the operating system or earlier. The problem with that picture is that the current version of Android is version 10, released last September. Its immediate predecessors – Android 9.0 Pie and Android 8.0 Oreo – continue to receive updates, but earlier versions do not.

     To demonstrate the problem, Which? purchased a Motorola X, Samsung Galaxy A5 2017 and Sony Xperia Z2 from Amazon Marketplace sellers and put them to the test alongside an LG/Google Nexus 5 and Samsung Galaxy S6 it already had in its test lab.

     In tests conducted with experts at AV-Comparatives, it was found that the phones were susceptible to a variety of vulnerabilities made public long ago. These included:

     • BlueFrag – a critical vulnerability in Android’s Bluetooth component that could allow a nearby malicious hacker to compromise a device in order to steal data and spread malware.
     • Stagefright – first discovered in 2015, hackers could exploit unpatched Android devices to silently and remotely infect them with malware via a boobytrapped MMS message.
     • Joker (also known as Bread) – malware that poses as a legitimate app in the Google Play store, but registers victims’ devices for premium-rate services and plunders devices’ address books.

     Kate Bevan of Which? is calling on phone manufacturers to be more transparent about how long consumers can expect to have their devices supported with critical security updates:

     “It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers. Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.”

     The best thing to do, of course, is for Android users to run a more secure version of the operating system on their smartphones – one that is still receiving security patches. But, if your older phone isn’t able to be updated, what steps should you take to better secure yourself?

     Clearly, regular backups of important data are always a good idea. That’s sensible even if you aren’t worried about having your phone hacked, as a backup could save your bacon if you were to ever accidentally damage your phone or have it stolen.

     But also be aware that the majority of malware threats for Android originate outside the official Google Play store. Be wary of side-loading apps from other sources as they may not have been as well vetted. In addition, always be careful about clicking on suspicious-looking links or opening attachments in SMS or MMS messages if you are not expecting them. You may also want to consider running a mobile anti-virus product on your device.

     If smartphone security doesn’t improve, the only people who are going to be smiling about the more than one billion vulnerable Android devices will be the criminals themselves.

     Source
  6. Microsoft Windows Security Updates March 2020 overview Welcome to the overview for Microsoft's March 2020 Patch Day; the company released security updates for all supported versions of Microsoft Windows as well as other company products. The overview provides you with important information about released patches. It includes links to support articles and summaries of patches, links to security advisories, non-security updates, as well as direct download links for Windows updates. Feel free to check out the February 2020 Patch Day overview here. Microsoft Windows Security Updates March 2020 You may download the following Excel spreadsheet to get a full tabular listing of patches and updates that Microsoft released on the March 2020 Patch Day. Click on the following link to download the Excel spreadsheet to your local system: microsoft-security-updates-windows-march-2020 Executive Summary Microsoft released updates for all supported versions of the Windows operating system. Updates were also released for Microsoft Edge (classic and new), Internet Explorer, Microsoft Exchange Server, Microsoft Office, Windows Defender, Visual Studio, Azure, Azure DevOps, Microsoft Dynamics. The Microsoft Update Catalog lists 113 patches. 
Operating System Distribution Windows 7 (extended support only):39 vulnerabilities: 3 critical and 36 important CVE-2020-0684 | LNK Remote Code Execution Vulnerability CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability Windows 8.1: 55 vulnerabilities: 3 rated critical and 52 rated important CVE-2020-0684 | LNK Remote Code Execution Vulnerability CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability Windows 10 version 1803: 71 vulnerabilities: 7 critical and 64 important CVE-2020-0684 | LNK Remote Code Execution Vulnerability CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability Windows 10 version 1809: 73 vulnerabilities: 7 critical and 66 important same as Windows 10 version 1803 Windows 10 version 1903: 75 vulnerabilities: 7 critical and 68 important same as Windows 10 version 1803 Windows 10 version 1909: same as Windows 10 version 1903 Windows Server products Windows Server 2008 R2 (extended support only): 47 vulnerabilities, 5 critical, 42 important Windows Server 2012 R2: 55 vulnerabilities: 3 critical and 52 important. CVE-2020-0684 | LNK Remote Code Execution Vulnerability CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability Windows Server 2016: 71 vulnerabilities: 6 critical and 65 important. 
CVE-2020-0684 | LNK Remote Code Execution Vulnerability CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability Windows Server 2019: 72 vulnerabilities: 7 critical and 65 are important Same as Windows Server 2016 plus CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability Other Microsoft Products Internet Explorer 11: 6 vulnerabilities: 6 critical CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability CVE-2020-0830 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0832 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0847 | VBScript Remote Code Execution Vulnerability Microsoft Edge: 14 vulnerabilities: 13 critical, 1 important CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0811 | Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability CVE-2020-0823 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0825 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0826 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0827 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0828 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0829 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0830 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0831 | Scripting Engine Memory Corruption Vulnerability CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability Microsoft Edge on Chromium: see here (latest security patches from the Chromium
project) Windows Security Updates Windows 7 Monthly Rollup: KB4540688 Security-only: KB4541500 Improvements and fixes: Fixed an issue that might prevent icons and cursors from appearing as expected. (monthly-rollup only) Security updates Windows 8.1 Monthly Rollup: KB4541509 Security-only: KB4541505 Improvements and fixes: Fixed an issue that might prevent ActiveX content from loading. Fixed an issue that might prevent icons and cursors from appearing as expected. Security updates Windows 10 version 1803 Support article: KB4540689 Improvements and fixes: Security updates Windows 10 version 1809 Support article: support Improvements and fixes: Security updates Windows 10 version 1903 and 1909 Support article: KB4540673 Improvements and fixes: Fixed an issue that prevented some users from upgrading the operating system "because of corrupted third-party assemblies". Security updates. Other security updates KB4540671 -- 2020-03 Cumulative Security Update for Internet Explorer KB4540694 -- 2020-03 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 KB4541504 -- 2020-03 Security Only Quality Update for Windows Server 2008 KB4541506 -- 2020-03 Security Monthly Quality Rollup for Windows Server 2008 KB4541510 -- 2020-03 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 KB4539571 -- 2020-03 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809 KB4540670 -- 2020-03 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 KB4540681 -- 2020-03 Cumulative Update for Windows 10 Version 1709 KB4540693 -- 2020-03 Cumulative Update for Windows 10 Version 1507 KB4540705 -- 2020-03 Cumulative Update for Windows 10 Version 1703 KB4540721 -- 2020-03 Servicing Stack Update for Windows 10 Version 1507 KB4540722 -- 2020-03 Servicing Stack Update for Windows 10 Version 1703 KB4540723 -- 2020-03 Servicing Stack Update for Windows Server 2016 and Windows 10 Version 1607 KB4540724 -- 
2020-03 Servicing Stack Update for Windows 10 Version 1803 KB4540725 -- 2020-03 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 KB4540726 -- 2020-03 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 KB4541338 -- 2020-03 Servicing Stack Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server, version 1903, and Windows 10 Version 1903 KB4541731 -- 2020-03 Servicing Stack Update for Windows 10 Version 1709 KB4550735 -- 2020-03 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4550736 -- 2020-03 Servicing Stack Update for Windows Server 2008 Known Issues Windows 7 May receive "failure to configure Windows updates. Reverting Changes. Do not turn off your computer" if the update is installed on non-ESU systems. Certain operations that are performed on files or folders on Cluster Shared Volumes may fail with the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". Windows 8.1 Certain operations that are performed on files or folders on Cluster Shared Volumes may fail with the error "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)". Windows 10 version 1809 After installing KB4493509, devices with some Asian language packs installed may receive the error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." Mitigation: uninstall and reinstall the language pack, then install the April 2019 Cumulative Update. If that does not help, Microsoft suggests resetting the PC. May encounter issues in Windows Server containers and 32-bit applications and processes. See: Windows container version compatibility. Windows 10 version 1903 and 1909 May encounter issues in Windows Server containers and 32-bit applications and processes. See: Windows container version compatibility.
Security advisories and updates Non-security related updates KB890830 -- Windows Malicious Software Removal Tool - March 2020 Microsoft Office Updates You find Office update information here. How to download and install the March 2020 security updates Security updates for all supported versions of Windows and products included in Windows, e.g. Microsoft Edge, are made available via Windows Update, WSUS, and other update distribution systems. Administrators may download standalone patches to systems to apply these directly without using Windows Update. We recommend that backups are created of important data or, better, the entire system, before patches are installed. Do the following to check for new updates: Open the Start Menu of the Windows operating system, type Windows Update and select the result. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.
Direct update downloads Windows 7 and Server 2008 R2 KB4540688 -- 2020-03 Security Monthly Quality Rollup for Windows 7 KB4541500 -- 2020-03 Security Only Quality Update for Windows 7 Windows 8.1 and Windows Server 2012 R2 KB4541509 -- 2020-03 Security Monthly Quality Rollup for Windows 8.1 KB4541505 -- 2020-03 Security Only Quality Update for Windows 8.1 Windows 10 (version 1803) KB4540689 -- 2020-03 Cumulative Update for Windows 10 Version 1809 Windows 10 (version 1809) KB4538461 -- 2020-03 Cumulative Update for Windows 10 Version 1809 Windows 10 (version 1903) KB4540673 -- 2020-03 Cumulative Update for Windows 10 Version 1903 Windows 10 (version 1909) KB4540673 -- 2020-03 Cumulative Update for Windows 10 Version 1909 Additional resources March 2020 Security Updates release notes List of software updates for Microsoft products List of the latest Windows Updates and Services Packs Security Updates Guide Microsoft Update Catalog site Our in-depth Windows update guide How to install optional updates on Windows 10 Windows 10 Update History Windows 8.1 Update History Windows 7 Update History Source: Microsoft Windows Security Updates March 2020 overview (gHacks - Martin Brinkmann)
  7. Microsoft Windows Security Updates July 2020 overview It is the second Tuesday of the month and that means that it is Patch Day for Windows and other Microsoft products. The Microsoft Windows July 2020 Patch Day brings security updates for all supported client and server versions of Microsoft's Windows operating system as well as other company products such as Microsoft Edge. Our monthly overview provides you with detailed information about the updates that Microsoft released today. You can download an Excel spreadsheet that contains a list of released security updates, and check out the updates released for any version of Windows. The overview includes download links, links to resources on Microsoft's support website, and known issues. If you missed last month's Patch Day overview, check it out here. Microsoft Windows Security Updates July 2020 Click on the following link to download the July 2020 spreadsheet to your system. It lists released security updates of the July 2020 Patch Day. Click on the following link to start the download: microsoft-windows-updates-july-2020 Executive Summary Microsoft released updates for all client and server versions of the Windows operating system that it supports. Updates are also available for products such as Windows Defender, Internet Explorer, Microsoft OneDrive, Microsoft Edge, Microsoft Office, Visual Studio and Skype for Business.
Operating System Distribution Windows 7 (extended support only): 35 vulnerabilities: 6 critical and 29 important CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability CVE-2020-1421 | LNK Remote Code Execution Vulnerability CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability Windows 8.1: 40 vulnerabilities: 6 rated critical and 34 rated important same as Windows 7 Windows 10 version 1803: 78 vulnerabilities: 6 critical and 72 important CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability CVE-2020-1421 | LNK Remote Code Execution Vulnerability CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability Windows 10 version 1809: 81 vulnerabilities: 4 critical and 78 important same as Windows 10 version 1803 Windows 10 version 1903: 85 vulnerabilities: 5 critical and 73 important same as Windows 10 version 1803 Windows 10 version 1909: same as Windows 10 version 1803 Windows 10 version 2004: Windows Server products Windows Server 2008 R2 (extended support only): 42 vulnerabilities: 13 critical and 29 important same as Windows Server 2016 Windows Server 2012 R2: 48 vulnerabilities: 13 critical and 35 important. same as Windows Server 2016 Windows Server 2016: 70 vulnerabilities: 13 critical and 57 important. 
CVE-2020-1032 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1036 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1040 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1041 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1042 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1043 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability CVE-2020-1421 | LNK Remote Code Execution Vulnerability CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability Windows Server 2019: 83 vulnerabilities: 7 critical and 77 are important CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability CVE-2020-1421 | LNK Remote Code Execution Vulnerability CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability Other Microsoft Products Internet Explorer 11: 2 vulnerabilities: 1 critical, 1 important CVE-2020-1403 | VBScript Remote Code Execution Vulnerability Microsoft Edge: 2 vulnerabilities: 0 critical, 2 important Microsoft Edge on Chromium: see here (latest security patches from the Chromium project) Windows Security Updates Windows 7 SP1 and Windows Server 2008 R2 Monthly Rollup: KB4565524 Security Only: KB4565539 Fixes and improvements Security Updates Windows 8.1 and Server 2012 R2 Monthly Rollup: KB4565541 Security Only: KB4565540 Fixes and
improvements Security Updates Windows 10 version 1803 Support page: KB4565489 Fixes and improvements Fixed an issue that might cause lsass.exe to fail with the error "A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted." Fixed an issue that prevented some applications from printing large file documents or documents with graphics. Security updates. Windows 10 version 1809 Support page: KB4558998 Fixes and improvements Fixed an issue when loading Browser Helper Objects in IE Mode in Microsoft Edge. Fixed an issue that might cause lsass.exe to fail with the error "A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted." Fixed an issue that prevented some applications from printing large file documents or documents with graphics. Security updates. Windows 10 version 1903 and 1909 Support page: KB4565483 Fixes and improvements Same as Windows 10 version 1809 Windows 10 version 2004 Support page: KB4565503 Fixes and improvements Fixed issues in certain apps that use the ImeMode property to control the Input Method Editor mode. Fixed an issue that prevented changing the system locale on Server Core platforms using PowerShell. Fixed a game and app distortion issue when switching from full screen mode to window mode, or resizing windowed mode windows. Fixed a OneDrive app connecting issue. Fixed an issue that might cause lsass.exe to fail with the error "A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000008. The machine must now be restarted." Fixed an issue that prevented some applications from printing large file documents or documents with graphics. Security updates.
Other security updates KB4565479 -- 2020-07 Cumulative Security Update for Internet Explorer KB4565529 -- 2020-07 Security Only Quality Update for Windows Server 2008 KB4565535 -- 2020-07 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 KB4565536 -- 2020-07 Security Monthly Quality Rollup for Windows Server 2008 KB4565537 -- 2020-07 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 KB4565513 -- 2020-07 Cumulative Update for Windows 10 Version 1507 KB4565499 -- 2020-07 Cumulative Update for Windows 10 Version 1703 KB4565508 -- 2020-07 Cumulative Update for Windows 10 Version 1709 .NET Framework KB4565577 -- 2020-07 Security Only Update for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012 KB4565578 -- 2020-07 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 KB4565579 -- 2020-07 Security Only Update for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4565580 -- 2020-07 Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 KB4565581 -- 2020-07 Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 KB4565582 -- 2020-07 Security Only Update for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012 KB4565583 -- 2020-07 Security Only Update for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 KB4565584 -- 2020-07 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 KB4565585 -- 2020-07 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 KB4565586 -- 2020-07 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and 
Windows Server 2008 KB4565587 -- 2020-07 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 KB4565588 -- 2020-07 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 KB4565589 -- 2020-07 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4565610 -- 2020-07 Security and Quality Rollup for .NET Framework 3.5 for Windows Embedded 8 Standard and Windows Server 2012 KB4565611 -- 2020-07 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 KB4565612 -- 2020-07 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4565613 -- 2020-07 Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R KB4565614 -- 2020-07 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 KB4565615 -- 2020-07 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded 8 Standard and Windows Server 2012 KB4565616 -- 2020-07 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 KB4565621 -- 2020-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 KB4565622 -- 2020-07 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 KB4565623 -- 2020-07 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 KB4565634 -- 2020-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 KB4565635 -- 2020-07 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 
R2 KB4565636 -- 2020-07 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 KB4566466 -- 2020-07 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4566467 -- 2020-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 KB4566468 -- 2020-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 KB4566469 -- 2020-07 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 KB4566517 -- 2020-07 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4566518 -- 2020-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 KB4566519 -- 2020-07 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 KB4566520 -- 2020-07 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 KB4565625 -- 2020-07 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 KB4565627 -- 2020-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 2004 and Windows 10 Version 2004 KB4565628 -- 2020-07 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 KB4565629 -- 2020-07 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 KB4565630 -- 2020-07 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 KB4565631 -- 2020-07 Cumulative Update for .NET 
Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016 (1803) KB4565632 -- 2020-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 KB4565633 -- 2020-07 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903 KB4566516 -- 2020-07 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 Servicing Stack Updates KB4558997 -- 2020-07 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809 KB4565353 -- 2020-07 Servicing Stack Update for Windows Server 2008 KB4565354 -- 2020-07 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 KB4565551 -- 2020-07 Servicing Stack Update for Windows 10 Version 1703 KB4565552 -- 2020-07 Servicing Stack Update for Windows 10 Version 1803 KB4565553 -- 2020-07 Servicing Stack Update for Windows 10 Version 1709 KB4565554 -- 2020-07 Servicing Stack Update for Windows Server, version 2004, Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903 KB4565912 -- 2020-07 Servicing Stack Update for Windows Server 2016 and Windows 10 Version 1607 KB4566425 -- 2020-07 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 KB4566426 -- 2020-07 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 KB4565911 -- 2020-07 Servicing Stack Update for Windows 10 Version 1507 KB4566785 -- 2020-07 Servicing Stack Update for Windows Server, version 2004 and Windows 10 Version 2004 Known Issues Windows 7 SP1 and Windows Server 2008 R2 Windows 8.1 and Windows Server 2012 R2 Certain operations such as rename may fail on Cluster Shared Volumes. The error received is "STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)" in that case. 
Solution 1: Run the operation from a process with elevated rights. Solution 2: Perform the operation from a node that does not have CSV ownership. Windows 10 version 1809 Devices with some Asian language packs may receive error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND". Solution 1: Uninstall and reinstall any language packs that were installed recently. Check for updates afterwards. Solution 2: Reset this PC. Windows 10 version 1903 and 1909 Internet access may not be available after installing this update on a device with a WWAN LTE modem. Microsoft is working on a solution. Windows 10 version 2004 Some apps, such as Microsoft Excel, may throw errors for users of the Microsoft Input Method Editor for Chinese and Japanese. Workaround explained here. Security advisories and updates ADV200008 | Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers Non-security related updates Microsoft Office Updates You find Office update information here. How to download and install the July 2020 security updates Security updates are released via Windows Update and other update management systems such as WSUS. Administrators may download updates manually as well to install them directly. Note: We recommend that systems are backed up fully before updates are installed. The following instructions guide you through the process of checking for updates via Windows Update: Open the Start Menu of the Windows operating system, type Windows Update and select the result. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.
Direct update downloads Windows 7 and Server 2008 R2 KB4565524 -- 2020-07 Security Monthly Quality Rollup for Windows 7 KB4565539 -- 2020-07 Security Only Quality Update for Windows 7 Windows 8.1 and Windows Server 2012 R2 KB4565541 -- 2020-07 Security Monthly Quality Rollup for Windows 8.1 KB4565540 -- 2020-07 Security Only Quality Update for Windows 8.1 Windows 10 (version 1803) KB4565489 -- 2020-07 Cumulative Update for Windows 10 Version 1803 Windows 10 (version 1809) KB4558998 -- 2020-07 Cumulative Update for Windows 10 Version 1809 Windows 10 (version 1903) KB4565483 -- 2020-07 Cumulative Update for Windows 10 Version 1903 Windows 10 (version 1909) KB4565483 -- 2020-07 Cumulative Update for Windows 10 Version 1909 Windows 10 (version 2004) KB4565503 -- 2020-07 Cumulative Update for Windows 10 Version 2004 Microsoft Windows Security Updates July 2020 overview
  8. Microsoft Windows Security Updates March 2021 overview Microsoft released security updates and non-security updates on the March 2021 Patch Day for all supported versions of Windows and other company products. This guide provides system administrators and home users with information on the released patches and related information. You find links to all major security updates released by Microsoft for Windows, links to direct downloads, information on known issues as reported by Microsoft, and other information. Click here to open the February 2021 Update overview if you want to check it out as well. The Microsoft Windows Security Updates: March 2021 Excel spreadsheet with list of security updates is coming. Executive Summary This is the last Patch Day for the legacy Microsoft Edge web browser. The browser won't be supported anymore after today, and Microsoft plans to replace it with the Chromium-based version of Edge starting in April 2021. Microsoft released security updates for Exchange Server. You may want to read up on the release on MSRC and the Microsoft On The Issues blog. Microsoft released security updates for all supported client and server versions of Windows. No client version of Windows is affected by a security issue with the highest severity rating of critical. The list of other Microsoft products with security updates is long; it includes Microsoft Office, Internet Explorer, Visual Studio, Windows Installer, Windows Media, Windows DirectX, Microsoft Exchange Server, and Azure among other products.
Operating System Distribution Windows 7 (extended support only): 5 vulnerabilities: 0 critical and 5 important Windows 8.1: 5 vulnerabilities: 0 critical and 5 important Windows 10 version 1809: 5 vulnerabilities: 0 critical and 5 important Windows 10 version 1903 and 1909: 7 vulnerabilities: 0 critical and 7 important Windows 10 version 2004 and 20H2: 8 vulnerabilities, 0 critical and 8 important Windows Server products Windows Server 2008 R2 (extended support only): 9 vulnerabilities: 1 critical and 8 important CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability Windows Server 2012 R2: 10 vulnerabilities: 1 critical and 9 important CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability Windows Server 2016: 9 vulnerabilities: 1 critical and 9 important. CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability Windows Server 2019: 9 vulnerabilities: 1 critical and 8 important. CVE-2021-26897 -- Windows DNS Server Remote Code Execution Vulnerability Windows Security Updates Windows 7 SP1 and Windows Server 2008 R2 Monthly Rollup: KB5000841 Security-only: KB5000851 Updates and improvements: Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft. Addresses an issue in "which a non-native device that is in the same realm does not receive a Kerberos Service ticket from Active Directory DCs". Security updates Windows 8.1 and Windows Server 2012 R2 Monthly Rollup: KB5000848 Security-only: KB5000822 Updates and improvements: Patches an elevation of privilege issue of print jobs submitted to FILE ports described in CVE-2021-1640. Pending print jobs will remain in an error state, these need to be deleted manually according to Microsoft. Security updates. 
Windows 10 version 1909
    • Support Page: KB5000808
Updates and improvements:
    • Patches the elevation of privilege issue with print jobs submitted to FILE ports that is described in CVE-2021-1640. Pending print jobs will remain in an error state; according to Microsoft, these need to be deleted manually.
    • Security updates.

Windows 10 version 2004 and 20H2
    • Support Page: KB5000802
Updates and improvements:
    • Patches the elevation of privilege issue with print jobs submitted to FILE ports that is described in CVE-2021-1640. Pending print jobs will remain in an error state; according to Microsoft, these need to be deleted manually.
    • Security updates.

Other security updates
    • 2021-02 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4601357)
    • 2021-02 Security Monthly Quality Rollup for Windows Server 2008 (KB4601360)
    • 2021-02 Security Only Quality Update for Windows Server 2008 (KB4601366)
    • 2021-02 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB4601318)
    • 2021-02 Cumulative Update for Windows 10 Version 1703 (KB4601330)
    • 2021-02 Cumulative Update for Windows 10 Version 1507 (KB4601331)
    • 2021-02 Cumulative Update for Windows 10 Version 1803 (KB4601354)

.NET
    • 2021-02 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4600944)
    • 2021-02 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB4600945)
    • 2021-02 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB4600957)
    • 2021-02 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB4601048)
    • 2021-02 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB4601057)
    • 2021-02 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4601058)
    • 2021-02 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4601089)
    • 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB4601090)
    • 2021-02 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB4601091)
    • 2021-02 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4601092)
    • 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB4601093)
    • 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB4601094)
    • 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4602958)
    • 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB4602959)
    • 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4602960)
    • 2021-02 Security Only Update for .NET Framework 4.6 for Windows Server 2008 (KB4602961)
    • 2021-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4603002)
    • 2021-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB4603003)
    • 2021-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4603004)
    • 2021-02 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 (KB4603005)
    • 2021-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004 (KB4601050)
    • 2021-02 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB4601051)
    • 2021-02 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703 (KB4601052)
    • 2021-02 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016 (1803) (KB4601054)
    • 2021-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB4601055)
    • 2021-02 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909 and Windows 10 Version 1909 (KB4601056)
    • 2021-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB4601060)
    • 2021-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB4601887)

Known Issues

Windows 7 SP1 and Windows Server 2008 R2
    • Updates are reverted if the device is not supported by ESU; this is expected behavior.
    • Certain operations on Cluster Shared Volumes may fail. Microsoft suggests running operations from processes with admin privileges or performing them from a node that does not have CSV ownership.

Windows 8.1 and Server 2012 R2
    • The error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." may be displayed after installing KB4493509 on devices with "some Asian language packs". Microsoft suggests uninstalling and reinstalling recently added language packs, installing recent Windows Updates, and, if that does not help, resetting the PC.

Windows 10 version 1909, 2004, 20H2
    • System and user certificates may be lost during updates. Microsoft suggests rolling back the upgrade to the new version of Windows.
Windows 10 version 2004 and 20H2
    • Incorrect Furigana characters may be entered when using the Microsoft Japanese Input Method Editor. Microsoft is working on a resolution.

Security advisories and updates
    • ADV 990001 -- Latest Servicing Stack Updates

Non-security related updates
    • KB890830 -- Windows Malicious Software Removal Tool

Microsoft Office Updates
You can find Office update information here.

How to download and install the March 2021 security updates
Security updates are released via Windows Updates to the majority of Home systems. Enterprise and business customers have other options at their disposal, including using update management systems such as WSUS.
We recommend that backups are created before updates are installed, as updates may introduce issues on systems that range from usability issues to serious bugs that may damage data or make the system unbootable.
Windows administrators may check for updates manually using the following method:
    • Select Start, type Windows Update and load the Windows Update item that is displayed.
    • Select check for updates to run a manual check for updates.

Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2
    • KB5000841 -- 2021-03 Security Monthly Quality Rollup for Windows 7
    • KB5000851 -- 2021-03 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
    • KB5000848 -- 2021-03 Security Monthly Quality Rollup for Windows 8.1
    • KB5000822 -- 2021-03 Security Only Quality Update for Windows 8.1
Windows 10 (version 1909)
    • KB5000808 -- 2021-03 Cumulative Update for Windows 10 Version 1909
Windows 10 (version 2004)
    • KB5000802 -- 2021-03 Cumulative Update for Windows 10 Version 2004
Windows 10 (version 20H2)
    • KB5000802 -- 2021-03 Cumulative Update for Windows 10 Version 20H2

Source: Microsoft Windows Security Updates March 2021 overview
  9. Samsung ends security updates for the Galaxy S8 and S8+ Samsung has pulled the plug on security updates for the Galaxy S8 and S8+. The devices were announced back in 2017, marking the beginning of smartphones with thin bezels. They had since enjoyed four years of Android security updates, although that has now come to an end. On its security updates page (via 9to5Google), Samsung has removed the two flagship phones from the list of handsets that are receiving support. If you intend to keep your Galaxy S8, you'll have to cope with the current software version moving forward, knowing that it will no longer receive fixes or any form of updates. While security updates for the legacy phones have ended, it's worth noting that the Galaxy S8 and S8+ continued to receive support for a longer period than Google's Pixel phones. Samsung managed to beat Google at its own game when it announced in February that it would roll out four years of security updates for Galaxy devices. In contrast, the Pixel devices receive only up to three years of security and feature updates. Like most of Samsung's flagships, the Galaxy S8 lineup received two major OS updates and up to three years of monthly security updates before it was moved to the quarterly schedule early last year. Noticeably, the Galaxy S8 Active and S8 Lite are still receiving security updates under the quarterly and biannual schedules, respectively, since these were released a few months after the Galaxy S8 phones were launched. Source: Samsung ends security updates for the Galaxy S8 and S8+
  10. If your browser is prompting you to restart, now may be a good time to do so. Microsoft and Google have released an urgent fix for a browser vulnerability in their Chromium-based browsers which can be exploited simply by visiting a web page or clicking a link. According to the BSI: "Several vulnerabilities in Google Chrome and Microsoft Chrome-based Edge have been disclosed. An attacker can exploit this with unknown effects. To exploit it, it is sufficient to call up a maliciously designed website or to click a link to such a page." The vulnerabilities have been judged as Risk level 4, meaning they are high impact and easy to exploit. Microsoft has updated its Edge browser to version 92.0.902.78 and lists 6 vulnerabilities fixed by the update: CVE-2021-30604, CVE-2021-30603, CVE-2021-30602, CVE-2021-30601, CVE-2021-30599, CVE-2021-30598. Unfortunately, more details regarding the exploits are not available yet. The Chrome browser is affected by the same issues – simply restarting your browser should be sufficient to install the updates. via Winfuture. Microsoft and Google release urgent browser security update for Risk Level 4 Drive-by exploit
  11. WordPress force installs Jetpack security update on 5 million sites

Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in. Jetpack is a remarkably popular WordPress plug-in that provides free security, performance, and website management features, including brute-force attack protection, site backups, secure logins, and malware scanning. The plugin has more than 5 million active installations, and it is developed and maintained by Automattic, the company behind WordPress.

No in the wild exploitation

The vulnerability was found in the Carousel feature and its option to display comments for each image, with nguyenhg_vcs being the one credited for responsibly disclosing the security bug. No other details are available regarding this security flaw to protect the sites that haven't yet been updated. However, we do know that Automattic addressed it with added authorization logic. The announcement made by Automattic says the bug impacts all versions starting with the Jetpack 2.0 release and going back to November 2012. The Jetpack development team added that it found no evidence that the vulnerability has been exploited in the wild. "However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability," the developers warn.

Jetpack patch

Automattic is force installing patched versions on all websites running vulnerable Jetpack versions, with most sites already having been updated. "To help you in this process, we worked with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0," Automattic said. "Most websites have been or will soon be automatically updated to a secured version." Currently, download stats available on the WordPress Plugins site confirm that the security updates have been pushed to most if not all exposed websites.
Figure: Jetpack downloads history

Forced updates used to patch critical bugs affecting millions

This is not the first time Automattic used the automated deployment of security updates to patch vulnerable plug-ins or WordPress installations. WordPress lead developer Andrew Nacin stated in 2015 that the company had used automated updates only five times since its launch. Samuel Wood, another WordPress developer, added in October 2020 that Automattic used the forced security updates feature to push "security releases for plugins many times" since WordPress 3.7 was released. This hints at the fact that Automattic deploys forced updates to patch plug-ins used by millions of sites against critical security vulnerabilities.

For instance, in 2019, Jetpack received a critical security update to fix a bug in the way the plug-in processed embed code. Another security update addressed an issue found during an internal audit of the Contact Form block in December 2018. A May 2016 critical security update patched a vulnerability in the way some Jetpack shortcodes were processed. In related news, in 2018, threat actors also found a method to install backdoored plugins on WordPress websites using weakly protected WordPress.com accounts and Jetpack's remote management feature.

WordPress force installs Jetpack security update on 5 million sites
  12. May Android security updates patch 4 zero-days exploited in the wild

According to info provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month. Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month's Android security updates were published. "There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation," a recently updated version of the May 2021 Android Security Bulletin reveals.

"For 2021, we've surpassed the number of 0-days detected in-the-wild in all of 2020. That's great! https://t.co/o4F74b68Fh" — Maddie Stone (@maddiestone) May 19, 2021

The four Android vulnerabilities impact Qualcomm GPU and Arm Mali GPU Driver components. Qualcomm and Arm have published further details on each vulnerability via security advisories issued separately [1, 2]. Android users are advised to install this month's security updates as soon as possible if they are impacted by these issues.

CVE-ID | Impact
CVE-2021-1905 | Qualcomm - Use After Free in Graphics. Possible use after free due to improper handling of memory mapping of multiple processes simultaneously.
CVE-2021-1906 | Qualcomm - Detection of Error Condition Without Action in Graphics. Improper handling of address deregistration on failure can lead to new GPU address allocation failure.
CVE-2021-28663 | ARM - Mali GPU Kernel Driver allows improper operations on GPU memory. A non-privileged user can make improper operations on GPU memory to enter into a use-after-free scenario and may be able to gain root privilege, and/or disclose information.
CVE-2021-28664 | ARM - Mali GPU Kernel Driver elevates CPU RO pages to writable. A non-privileged user can get a write access to read-only memory, and may be able to gain root privilege, corrupt memory and modify the memory of other processes.

This month's Android security updates also include patches for critical vulnerabilities in the System component that could be exploited by remote attackers using specially crafted files to execute arbitrary malicious code within the context of a privileged process. Regrettably, users who haven't switched to new devices that still receive monthly security updates might not be able to install these patches. To put things into perspective, more than 9% of all Android devices are still running Android 8.1 Oreo (released in December 2017), and roughly 19% Android Pie 9.0 (released in August 2018), according to StatCounter data.

In December, Qualcomm also addressed a high severity security vulnerability in Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) that could allow attackers to access smartphone users' text messages, call history, and listen in on their conversations. Last year, Qualcomm fixed more vulnerabilities impacting the Snapdragon Digital Signal Processor (DSP) chip that enabled attackers to take control of smartphones without user interaction and create unremovable malware that can evade detection. Other bugs that could allow decrypting some WPA2-encrypted wireless network packets and accessing critical data, as well as two flaws in the Snapdragon SoC WLAN firmware allowing over-the-air compromise of the modem and the Android kernel, were also patched during the last two years.

Source: May Android security updates patch 4 zero-days exploited in the wild
  13. Microsoft announce extension of security updates for Windows Server 2008, 2012 and SQL Server 2012

The internet has become increasingly dangerous, making it very difficult for Microsoft to simply abandon old software which is often running important infrastructure. At Inspire 2021 Microsoft announced that they will continue to release Extended Security Updates for Windows Server 2008 and 2012, and for SQL Server 2012. Windows Server 2012 and 2012 R2 were set to exit Extended Support on the 10th October 2023, but Microsoft has confirmed that this will be pushed back 3 years, while SQL Server 2012 will also get another 3 years beyond its earlier July 12, 2022 end of support date.

Extended support of course costs a pretty penny, but Microsoft is prepared to offer it for free if you move your Windows Server to their Azure cloud using Azure Hybrid Benefit, which Microsoft says is the cheapest way to run Windows Server and SQL Server in the cloud. If you decide to stay on-prem, Microsoft is demanding a price escalator: year one of support costs three-quarters of your licence costs, year two is at full price, and in year three Extended Security Updates will cost 125 per cent of the license cost. Read all the detail at Microsoft here. via The Register

Microsoft announce extension of security updates for Windows Server 2008, 2012 and SQL Server 2012
  14. Microsoft releases mandatory Windows updates to fix PrintNightmare exploit [Update]

Earlier last week, Microsoft acknowledged that it was investigating a critical vulnerability in Windows 10 that when exploited could let attackers run arbitrary code on the victim’s system. The vulnerability, tracked under CVE-2021-34527, is present in the Windows Print Spooler service, has been dubbed "PrintNightmare", and can allow for remote code execution (RCE). As the vulnerability was still being investigated, the Redmond firm listed two possible workarounds to mitigate the risks caused by the bug. Today, the firm has provided an update in the Microsoft Security Response Center (MSRC) listing for the vulnerability noting that it is rolling out a patch for the latest Windows 10 versions to address the issue.

The update, KB5004945, is currently rolling out to the three most recent Windows 10 versions, 2004, 20H2, and 21H1, bumping them to Windows 10 builds 19041.1083, 19042.1083, and 19043.1083, respectively. Since these versions are based on the same codebase, the updates are identical for all the versions. The changelog and documentation for the update are yet to go live. Considering that these are security updates to fix a critical vulnerability, they are mandatory updates and are downloaded automatically through Windows Update. Users can also manually download the patch from the Update Catalog here. Future patches, such as the upcoming Patch Tuesday updates, will contain these fixes. There is no word from the firm on how the vulnerability affects older versions of the OS, though it notes that it has completed the investigation of the issue.
The updates today are only rolling out to the three most recent and fully supported Windows 10 versions, but it will not be surprising to see a patch being made available for older versions still being supported for Enterprise and Education customers sooner, as the firm notes that supported Windows versions that do not receive an update today will get one "shortly after July 6". For those unaware, the PrintNightmare vulnerability is caused by the Print Spooler service not restricting access to a function that is used to install printer drivers remotely. An attacker that gains unrestricted access can execute arbitrary code with SYSTEM privileges, examples of which are already available on the web. Considering the severity of the vulnerability, it is best for all users to update to the latest build as soon as possible. Update: The patches are available for most supported Windows 10, Windows 8.1, and Windows 7 (ESU users). You can either update via Windows Update, or head to the MSRC document to find links to the requisite Update Catalog pages. The company has also provided the KB article links, but as is the case these days, those pages are yet to be updated. Windows 10 version 1607, Windows Server 2012, and Windows Server 2016 are yet to receive updates. 
Here is the complete list of links posted by the firm:

Product | Severity | Article | Download
Windows Server 2012 R2 (Server Core installation) | Critical | 5004954 | Monthly Rollup
Windows Server 2012 R2 (Server Core installation) | Critical | 5004958 | Security Only
Windows Server 2012 R2 | Critical | 5004954 | Monthly Rollup
Windows Server 2012 R2 | Critical | 5004958 | Security Only
Windows Server 2012 (Server Core installation) | Critical | |
Windows Server 2012 | Critical | |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5004953 | Monthly Rollup
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Critical | 5004951 | Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Critical | 5004951 | Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Critical | 5004955 | Monthly Rollup
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Critical | 5004959 | Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 | Critical | 5004955 | Monthly Rollup
Windows Server 2008 for x64-based Systems Service Pack 2 | Critical | 5004959 | Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Critical | 5004955 | Monthly Rollup
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Critical | 5004959 | Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 | Critical | 5004955 | Monthly Rollup
Windows Server 2008 for 32-bit Systems Service Pack 2 | Critical | 5004959 | Security Only
Windows 8.1 for x64-based systems | Critical | 5004954 | Monthly Rollup
Windows 8.1 for x64-based systems | Critical | 5004958 | Security Only
Windows 8.1 for 32-bit systems | Critical | 5004954 | Monthly Rollup
Windows 8.1 for 32-bit systems | Critical | 5004958 | Security Only
Windows 7 for x64-based Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup
Windows 7 for x64-based Systems Service Pack 1 | Critical | 5004951 | Security Only
Windows 7 for 32-bit Systems Service Pack 1 | Critical | 5004953 | Monthly Rollup
Windows 7 for 32-bit Systems Service Pack 1 | Critical | 5004951 | Security Only
Windows Server 2016 (Server Core installation) | Critical | |
Windows Server 2016 | Critical | |
Windows 10 Version 1607 for x64-based Systems | Critical | |
Windows 10 Version 1607 for 32-bit Systems | Critical | |
Windows 10 for x64-based Systems | Critical | 5004950 | Security Update
Windows 10 for 32-bit Systems | Critical | 5004950 | Security Update
Windows Server, version 20H2 (Server Core Installation) | Critical | 5004945 | Security Update
Windows 10 Version 20H2 for ARM64-based Systems | Critical | 5004945 | Security Update
Windows 10 Version 20H2 for 32-bit Systems | Critical | 5004945 | Security Update
Windows 10 Version 20H2 for x64-based Systems | Critical | 5004945 | Security Update
Windows Server, version 2004 (Server Core installation) | Critical | 5004945 | Security Update
Windows 10 Version 2004 for x64-based Systems | Critical | 5004945 | Security Update
Windows 10 Version 2004 for ARM64-based Systems | Critical | 5004945 | Security Update
Windows 10 Version 2004 for 32-bit Systems | Critical | 5004945 | Security Update
Windows 10 Version 21H1 for 32-bit Systems | Critical | 5004945 | Security Update
Windows 10 Version 21H1 for ARM64-based Systems | Critical | 5004945 | Security Update
Windows 10 Version 21H1 for x64-based Systems | Critical | 5004945 | Security Update
Windows 10 Version 1909 for ARM64-based Systems | Critical | 5004946 | Security Update
Windows 10 Version 1909 for x64-based Systems | Critical | 5004946 | Security Update
Windows 10 Version 1909 for 32-bit Systems | Critical | 5004946 | Security Update
Windows Server 2019 (Server Core installation) | Critical | 5004947 | Security Update
Windows Server 2019 | Critical | 5004947 | Security Update
Windows 10 Version 1809 for ARM64-based Systems | Critical | 5004947 | Security Update
Windows 10 Version 1809 for x64-based Systems | Critical | 5004947 | Security Update
Windows 10 Version 1809 for 32-bit Systems | Critical | 5004947 | Security Update

Update 2: The KB articles are now live for those interested in reading through the changelog. For Windows 10, the changelog is mostly similar across versions. Here is how the firm details the update:

Addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system’s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.

Microsoft releases mandatory Windows updates to fix PrintNightmare exploit [Update]
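A read-only audit of the state the changelog above describes, as an added example that is not part of the article or Microsoft's own tooling: it reports whether the Print Spooler service is running, whether RestrictDriverInstallationToAdministrators is set, and which of the KBs listed above are installed. The registry path and the meaning of value 1 are taken from Microsoft's KB5005010 guidance rather than from this page, and the function name is hypothetical.

```powershell
# Added example (not from the article): read-only audit of the PrintNightmare
# (CVE-2021-34527) hardening state on the local machine.
# Assumptions: the policy key path and "1 = administrators only" follow
# Microsoft's KB5005010; Get-PrintSpoolerHardeningState is a hypothetical name.

function Get-PrintSpoolerHardeningState {
    [CmdletBinding()]
    param(
        # KB numbers listed in the article's table for CVE-2021-34527.
        [string[]]$FixKb = @(
            'KB5004945', 'KB5004946', 'KB5004947', 'KB5004950', 'KB5004951',
            'KB5004953', 'KB5004954', 'KB5004955', 'KB5004958', 'KB5004959'
        )
    )

    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $valueName = 'RestrictDriverInstallationToAdministrators'

    # The vulnerable code path is only reachable while the Spooler service runs.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $spoolerRunning = ($null -ne $spooler) -and ($spooler.Status -eq 'Running')

    # A missing key or value means the setting has never been configured.
    $restrict = $null
    if (Test-Path -Path $policyKey) {
        $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
        if ($item) { $restrict = $item.$valueName }
    }

    if ($null -eq $restrict)  { $policyState = 'NotConfigured' }
    elseif ($restrict -eq 1)  { $policyState = 'AdministratorsOnly' }
    else                      { $policyState = 'NotRestricted' }

    # Later cumulative updates supersede these KBs, so an empty match means
    # "compare the installed build against the fixed build", not "unpatched".
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $FixKb -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    # Flag hosts where the service runs and either control could not be confirmed.
    $needsReview = $spoolerRunning -and
        (($policyState -ne 'AdministratorsOnly') -or ($installed.Count -eq 0))

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        SpoolerStatus       = if ($spooler) { [string]$spooler.Status } else { 'NotPresent' }
        SpoolerStartType    = if ($spooler) { [string]$spooler.StartType } else { $null }
        DriverInstallPolicy = $policyState
        MatchingFixKbs      = $installed
        NeedsReview         = $needsReview
    }
}

Get-PrintSpoolerHardeningState | Format-List
```

Run it first on devices that host the print server role, which the changelog singles out for priority patching.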
  15. Google has released the March 2022 security updates for Android 10, 11, and 12, addressing three critical severity flaws, one of which affects all devices running the latest version of the mobile OS. Tracked as CVE-2021-39708, the flaw lies in the Android System component, and it's an escalation of privilege problem requiring no user interaction or additional execution privileges. "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation," Google's bulletin notes.

The other two critical flaws are CVE-2021-1942 and CVE-2021-35110, both affecting closed-source components on Qualcomm-based devices. For a full list of which Qualcomm chipsets are affected by these two vulnerabilities, check out the chipmaker's security bulletin. No further technical details have been published for any of the fixed vulnerabilities, as doing so would put users running an older patch level at risk.

Other fixes that land with the March 2022 update are:
    • 1 medium severity escalation of privilege flaw in Android runtime (version 12)
    • 5 high severity escalation of privileges flaws in Android Framework (versions 10, 11, 12)
    • 2 high severity denial of service flaws in Android Framework (version 12)
    • 1 high severity information disclosure in Media Framework (versions 10, 11, 12)
    • 8 high severity escalation of privilege flaws in System (versions 10, 11, 12)
    • 1 high severity information disclosure flaw in System (versions 10, 11, 12)
    • 4 high severity escalation of privilege flaws in Kernel
    • 1 high severity information disclosure in Kernel
    • 3 high severity flaws in MediaTek components
    • 10 high severity flaws in Qualcomm components

As is the case every month, Google has released two patch levels for March 2022, one denoted as "2022-03-01" and one as "2022-03-05".
The second patch level includes everything in the first set plus fixes for third-party closed source and Kernel components that may not apply to all devices. As such, your device vendor may choose to push the first level to save on roll-out time, and it won't necessarily mean that you are left vulnerable to exploitation. With the only exception being Google's Pixel line, which receives these security updates immediately, all other vendors will need some time to bundle the patches for each of their models, as different hardware configurations require dedicated testing and fine-tuning. If you are running anything older than Android 10, consider upgrading to a new and actively supported device or flashing your existing device with a third-party Android ROM that's based on a recent AOSP version. Android's March 2022 security updates fix three critical bugs
  16. Linux Mint has released version 20.3, codenamed 'Una,' as a long-term support version that will receive security updates until 2025. Long-term support releases are for those who favor stability over bleeding-edge software and experimental features, so Linux Mint 20.3 is ideal for those who want to keep the same system without significant changes for years. Mint is one of the most popular and widely used Linux distributions available today, using an Ubuntu base along with a desktop environment called 'Cinnamon' that will be more familiar to Windows users. The reason why Mint is so popular mainly has to do with the complete out-of-the-box experience it offers, coming with proprietary format codecs, closed-source GPU drivers, and a variety of helpful multimedia apps pre-installed. These features allow users to start using the Linux distribution without installing too many other packages.

Figure: Linux Mint 20.3 running Cinnamon 5.2 (Source: Linux Mint)

New in this release

The highlights in Linux Mint 20.3 are the following:
    • Dark mode is now omnipresent in apps and DE elements, giving a more coherent user experience.
    • The Hypnotix IPTV player has received a UI revamp and a new search function.
    • A new Document Manager called ‘Thingy’ has been introduced, featuring reading progress history.
    • The Sticky Notes app now has a search function.
    • All themes have been tweaked for a modernized look and feel, and were optimized for dark mode.
    • The printing and scanning system was upgraded to support recent models from HP.
    • The Xreader PDF reader now has a manga reading mode.
    • Cinnamon 5.2 has integrated the calendar and added an event management function with wider syncing integration potential (Evolution, Google Calendar, Mozilla Thunderbird).

Figure: New document manager Thingy (Source: Linux Mint)

If the Cinnamon desktop environment isn’t your cup of tea, Linux Mint 20.3 is also available in two more flavors, MATE and XFCE.
MATE is a fork of GNOME 2, a desktop environment that was discontinued ten years ago, so it’s suitable for those who prefer a more old-school look but with GTK 3 support. XFCE is a lightweight and speedy desktop environment which thrives by balancing modern looks with simplicity in form and function. If you’re already using Linux Mint and you’re looking for instructions on how to upgrade to the latest version, you can follow the steps in Mint's official guide. Apart from some theme-related quirks and breakages that are easy to fix, most users who upgraded over the weekend report that it went well. To download the latest ISO and perform a clean install, which is the recommended way to upgrade, use one of the mirrors provided in the new release announcement. Linux Mint 20.3 released promising security updates until 2025
  17. Debian GNU/Linux 10.6 has been announced today as the sixth ISO maintenance update of the latest stable Debian GNU/Linux 10 “Buster” operating system series. Debian GNU/Linux 10.6 is here two months after the Debian GNU/Linux 10.5 update to provide those who want to install the latest stable Debian GNU/Linux release with up-to-date installation media that includes all the important corrections and security updates. Debian GNU/Linux 10.6 packs a total of 53 updated packages with miscellaneous bug fixes, as well as 32 security updates that address some of the latest vulnerabilities. All of these updates have already been made available to existing Debian Buster users through the official software repositories.

If you are using Debian GNU/Linux 10.5 or a previous version on your personal computer or server, you don’t need to download the new ISO images. All you have to do to keep your system up to date is to run the sudo apt-get update && sudo apt-get full-upgrade command in a terminal emulator.

Debian GNU/Linux 10.6 live and installation images will soon be available for download from the official servers. I will update this article when they’re available so you can download them and install the most recent Debian GNU/Linux 10 “Buster” release. Installation images are now available to download here for 64-bit (amd64), 32-bit (i386), PowerPC 64-bit Little Endian (ppc64el), IBM System z (s390x), MIPS 64-bit Little Endian (mips64el), MIPS 32-bit Little Endian (mipsel), Armel, ARMhf, and AArch64 (arm64) architectures. Also, live images are available for download from here for 64-bit and 32-bit architectures pre-installed with the KDE Plasma, GNOME, Xfce, LXDE, LXQt, Cinnamon, and MATE desktop environments.

Image: Debian Project

Side note: These are the ISOs they hide with built-in drivers for trouble-free installations and many desktop environments to choose from.
    • ISOs with Firmware x64 Non free
    • ISOs with Firmware x86 Non free

Source
  18. Microsoft Windows Security Updates September 2020 overview

      Welcome to the Microsoft Windows Patch Day overview for September 2020. Microsoft released security updates and non-security updates for all supported client and server operating systems. Other company products have received security updates as well on this Patch Day.

      The Windows updates that Microsoft releases on the second Tuesday of a month are cumulative in nature. Administrators may get them via Windows Update, WSUS, as direct downloads, or via other update management systems.

      Our monthly overview provides you with details on the released patches. It includes an overview of all security patches that Microsoft released, an Excel spreadsheet with all the patches, an overview of the operating system distribution and severity, direct download links, links to support pages, security advisories, known issues, and more.

      Microsoft Windows Security Updates September 2020

      You may download an Excel spreadsheet with detailed information about the September 2020 Patch Day. Click on the following link to download the archive to your system. All that is left to do is to extract the zip file and open it in a spreadsheet application such as Excel or LibreOffice Calc: windows-security-updates-september-2020

      Executive Summary

      • Microsoft released security updates for all supported client and server versions of Windows.
      • Security updates were also released for other company products including Microsoft Edge (old and new), Internet Explorer, Visual Studio, Microsoft Office, Microsoft OneDrive, SQL Server, and Azure DevOps.

      Operating System Distribution

      • Windows 7 (extended support only): 33 vulnerabilities: 4 critical and 48 important
          • CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
          • CVE-2020-1252 | Windows Remote Code Execution Vulnerability
          • CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability
          • CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
          • CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability
          • CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability
      • Windows 8.1: 41 vulnerabilities: 5 rated critical and 51 rated important
          • same as Windows 7
      • Windows 10 version 1803: 63 vulnerabilities: 9 critical and 54 important
          • CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability
          • CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
          • CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability
          • CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
          • CVE-2020-1252 | Windows Remote Code Execution Vulnerability
          • CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability
          • CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
          • CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability
          • CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability
      • Windows 10 version 1809: 70 vulnerabilities: 9 critical and 56 important
          • same as Windows 10 version 1803
      • Windows 10 version 1903: 70 vulnerabilities: 9 critical and 61 important
          • same as Windows 10 version 1803
      • Windows 10 version 1909:
          • same as Windows 10 version 1803
      • Windows 10 version 2004:

      Windows Server products

      • Windows Server 2008 R2 (extended support only): 39 vulnerabilities: 6 critical and 33 important
          • CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
          • CVE-2020-1252 | Windows Remote Code Execution Vulnerability
          • CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability
          • CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
          • CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability
          • CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability
      • Windows Server 2012 R2: 47 vulnerabilities: 6 critical and 41 important
          • same as Windows Server 2008 R2
      • Windows Server 2016: 62 vulnerabilities: 9 critical and 56 important
          • same as Windows Server 2008 R2, plus
          • CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability
          • CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
          • CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability
      • Windows Server 2019: 73 vulnerabilities: 9 critical and 64 important
          • same as Windows Server 2016

      Other Microsoft Products

      • Internet Explorer 11: 3 vulnerabilities: 1 critical, 2 important
          • CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability
      • Microsoft Edge: 4 vulnerabilities: 3 critical, 1 important
          • CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability
          • CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability
          • CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability
      • Microsoft Edge on Chromium: see here (latest security patches from the Chromium project)

      Windows Security Updates

      Windows 7 SP1 and Windows Server 2008 R2

      • Monthly Rollup: KB4577051
      • Security-only Update: KB4577053

      Fixes and improvements:

      • Yukon, Canada time zone information update (monthly rollup).
      • Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
      • Security updates.

      Windows 8.1 and Server 2012 R2

      • Monthly Rollup: KB4577066
      • Security-only Update: KB4577071

      Fixes and improvements:

      • Yukon, Canada time zone information update (monthly rollup).
      • Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
      • Fixed an unnamed issue when evaluating the compatibility status of the Windows system (monthly rollup).
      • Security updates.

      Windows 10 version 1803

      • Support page: KB4577032

      Fixes and improvements:

      • Ability to sync Microsoft Edge IE Mode unidirectional session cookies when configured by an admin.
      • Fixed an issue related to unexpected notifications.
      • Updated Yukon, Canada time zone information.
      • Fixed an Event Viewer issue that prevented it from saving filtered events correctly.
      • Fixed a delayed shutdown issue caused by Microsoft Keyboard Filter Service.
      • Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
      • Security updates.

      Windows 10 version 1809

      • Support page: KB4570333

      Fixes and improvements:

      • Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
      • Security updates.

      Windows 10 version 1903 and 1909

      • Support page: KB4574727

      Fixes and improvements:

      • Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
      • Security updates.

      Windows 10 version 2004

      • Support page: KB4571756

      Fixes and improvements:

      • Addressed a potential elevation of privilege issue in windowmanagement.dll.
      • Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
      • Security updates.

      Other security updates

      • KB4577010 -- Cumulative security update for Internet Explorer: September 8, 2020
      • KB4577038 -- 2020-09 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
      • KB4577048 -- 2020-09 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
      • KB4577064 -- 2020-09 Security Monthly Quality Rollup for Windows Server 2008
      • KB4577070 -- 2020-09 Security Only Quality Update for Windows Server 2008
      • KB4577015 -- 2020-09 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607
      • KB4577021 -- 2020-09 Cumulative Update for Windows 10 Version 1703
      • KB4577041 -- 2020-09 Cumulative Update for Windows 10 Version 1709
      • KB4577049 -- 2020-09 Cumulative Update for Windows 10 Version 1507

      Microsoft .NET Framework updates:

      • KB4576485 -- 2020-09 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
      • KB4576486 -- 2020-09 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
      • KB4576487 -- 2020-09 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
      • KB4576488 -- 2020-09 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
      • KB4576489 -- 2020-09 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
      • KB4576490 -- 2020-09 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
      • KB4576612 -- 2020-09 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
      • KB4576613 -- 2020-09 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
      • KB4576614 -- 2020-09 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
      • KB4576628 -- 2020-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
      • KB4576629 -- 2020-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012
      • KB4576630 -- 2020-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2
      • KB4576631 -- 2020-09 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008
      • KB4576478 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 2004 and Windows 10 Version 2004
      • KB4576479 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607
      • KB4576480 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
      • KB4576481 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
      • KB4576482 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016 (1803)
      • KB4576483 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809
      • KB4576484 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903
      • KB4576627 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809

      Servicing Stack updates:

      • KB4577266 -- 2020-09 Servicing Stack Update for Windows Server, version 2004 and Windows 10 Version 2004
      • KB4570332 -- 2020-09 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809
      • KB4576750 -- 2020-09 Servicing Stack Update for Windows Server 2016 and Windows 10 Version 1607
      • KB4576751 -- 2020-09 Servicing Stack Update for Windows Server 2019 (1903), and Windows 10 Version 1903

      Known Issues

      Windows 7 SP1 and Windows Server 2008 R2

      • Updates may fail to install if the system is not supported by ESU.
      • Certain operations may fail on cluster shared volumes. See workarounds on the support page.

      Windows 8.1 and Server 2012 R2

      • Certain operations may fail on cluster shared volumes. See workarounds on the support page.

      Windows 10 version 1809

      • Error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." on systems with certain Asian language packs. Microsoft suggests uninstalling and reinstalling the language packs, or resetting the PC.
      • Microsoft Edge legacy error "0x80704006. Hmmmm…can’t reach this page" when trying to access sites on non-standard ports. Suggestions include using the new Edge or IE 11.

      Windows 10 version 2004

      • Users of the Microsoft Input Method Editor for Chinese and Japanese may experience various issues. Check this support page for additional details.

      Security advisories and updates

      Non-security related updates

      • KB4566371 -- 2020-09 Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008
      • KB4574726 -- 2020-09 Dynamic Update for Windows 10 Version 1903, and Windows 10 Version 1909
      • KB4578847 -- 2020-09 Update for Windows Server 2008 R2 for x64-based Systems
      • KB890830 -- Windows Malicious Software Removal Tool
      • KB4574728 -- 2020-09 Dynamic Update for Windows 10 Version 2004

      Microsoft Office Updates

      You find Office update information here.

      How to download and install the September 2020 security updates

      Security updates are released via Microsoft's Windows Update service and update management services such as WSUS. The main cumulative updates may also be downloaded from the company's Microsoft Update Catalog website.

      It is recommended to back up the system before updates are installed as the installation of updates may cause numerous issues including boot issues, data loss or loss of functionality.

      Windows administrators may run a manual update check at any time on home devices. Here are the instructions on how to do that:

      • Select Start and select Settings.
      • Select Update & Security in the Settings application.
      • Click on the "check for updates" button to run a manual check for updates.

      Windows checks if important updates are available to download and install these on the device.

      Direct update downloads

      Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

      Windows 7 and Server 2008 R2

      • KB4577051 -- 2020-09 Security Monthly Quality Rollup for Windows 7
      • KB4577053 -- 2020-09 Security Only Quality Update for Windows 7

      Windows 8.1 and Windows Server 2012 R2

      • KB4577066 -- 2020-09 Security Monthly Quality Rollup for Windows 8.1
      • KB4577071 -- 2020-09 Security Only Quality Update for Windows 8.1

      Windows 10 (version 1803)

      • KB4577032 -- 2020-09 Cumulative Update for Windows 10 Version 1803

      Windows 10 (version 1809)

      • KB4570333 -- 2020-09 Cumulative Update for Windows 10 Version 1809

      Windows 10 (version 1903)

      • KB4574727 -- 2020-09 Cumulative Update for Windows 10 Version 1903

      Windows 10 (version 1909)

      • KB4574727 -- 2020-09 Cumulative Update for Windows 10 Version 1909

      Windows 10 (version 2004)

      • KB4571756 -- 2020-09 Cumulative Update for Windows 10 Version 2004

      Microsoft Windows Security Updates September 2020 overview
  19. Office January security updates fix remote code execution bugs

      Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday.

      In total, this month the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

      A separate crash problem affecting the Microsoft 365 Apps version of Excel when using certain Windows Security exploit protection settings was also fixed this week.

      Microsoft also released non-security Microsoft Office updates last week addressing recurrent Outlook crashes and other issues impacting Windows Installer (MSI) editions of Office 2016 products.

      The company also issued the January 2021 Patch Tuesday, with patches for a Microsoft Defender antivirus zero-day exploited in the wild and 83 additional security vulnerabilities, ten of them rated as critical.

      Non-security Windows updates were also released on Tuesday with the Windows 10 KB4598229 and KB4598242 cumulative updates.

      List of patched Office security vulnerabilities

      Office security updates published as part of the January 2021 Patch Tuesday address bugs exposing Windows systems running vulnerable Click to Run and Microsoft Installer (.msi)-based editions of Microsoft Office products to remote code execution (RCE) attacks.

      Microsoft rated the six RCE bugs patched this month as Important severity issues since they could enable attackers to execute arbitrary code in the context of the currently logged-in user.

      After successful exploitation, the attackers could install malicious programs, view, change, and delete data, as well as create their own admin accounts on compromised Windows devices.

      Tag | CVE ID | CVE Title | Severity
      Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability | Important
      Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability | Important
      Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability | Important
      Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability | Important
      Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability | Important
      Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important
      Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important
      Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability | Important
      Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability | Important
      Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important
      Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability | Important

      January 2021 Microsoft Office security updates

      Microsoft Office security updates are delivered through the Microsoft Update platform and via the Download Center. Further information about each of them is available within the knowledge base articles linked below.

      To download the January 2021 Microsoft Office security updates, you have to click on the corresponding knowledge base article below and then scroll down to the 'How to download and install the update' section.

      Microsoft Office 2016

      Product | Knowledge Base article title and number
      Excel 2016 | Security update for Excel 2016 (KB4493165)
      Office 2016 | Security update for Office 2016 (KB4493168)
      Office 2016 | Security update for Office 2016 (KB4486755)
      Word 2016 | Security update for Word 2016 (KB4493156)

      Microsoft Office 2013

      Product | Knowledge Base article title and number
      Excel 2013 | Security update for Excel 2013 (KB4493176)
      Office 2013 | Security update for Office 2013 (KB4486762)
      Office 2013 | Security update for Office 2013 (KB4486759)
      Word 2013 | Security update for Word 2013 (KB4486764)

      Microsoft Office 2010

      Product | Knowledge Base article title and number
      Excel 2010 | Security update for Excel 2010 (KB4493186)
      Office 2010 | Security update for Office 2010 (KB4493143)
      Office 2010 | Security update for Office 2010 (KB4493142)
      Office 2010 | Security update for Office 2010 (KB4493181)
      Word 2010 | Security update for Word 2010 (KB4493145)

      Microsoft SharePoint Server 2019

      Product | Knowledge Base article title and number
      Office Online Server | Security update for Office Online Server (KB4493160)
      SharePoint Server 2019 | Security update for SharePoint Server 2019 (KB4493162)
      SharePoint Server 2019 Language Pack | Security update for SharePoint Server 2019 Language Pack (KB4493161)

      Microsoft SharePoint Server 2016

      Product | Knowledge Base article title and number
      SharePoint Enterprise Server 2016 | Security update for SharePoint Enterprise Server 2016 (KB4493163)
      SharePoint Enterprise Server 2016 | Security update for SharePoint Enterprise Server 2016 (KB4493167)

      Microsoft SharePoint Server 2013

      Product | Knowledge Base article title and number
      Office Web Apps Server 2013 | Security update for Office Web Apps Server 2013 (KB4493171)
      Project Server 2013 | Cumulative update for Project Server 2013 (KB4493173)
      SharePoint Enterprise Server 2013 | Security update for SharePoint Enterprise Server 2013 (KB4486724)
      SharePoint Enterprise Server 2013 | Security update for SharePoint Enterprise Server 2013 (KB4486683)
      SharePoint Enterprise Server 2013 | Cumulative update for SharePoint Enterprise Server 2013 (KB4493150)
      SharePoint Foundation 2013 | Security update for SharePoint Foundation 2013 (KB4493175)
      SharePoint Foundation 2013 | Cumulative update for SharePoint Foundation 2013 (KB4493172)

      Microsoft SharePoint Server 2010

      Product | Knowledge Base article title and number
      Project Server 2010 | Cumulative update for Project Server 2010 (KB4493182)
      SharePoint Foundation 2010 | Security update for SharePoint Foundation 2010 (KB4493187)
      SharePoint Server 2010 | Security update for SharePoint Server 2010 (KB4493178)
      SharePoint Server 2010 | Security update for SharePoint Server 2010 (KB4486736)
      SharePoint Server 2010 | Cumulative update for SharePoint Server 2010 (KB4493184)
      SharePoint Server 2010 Office Web Apps | Security update for SharePoint Server 2010 Office Web Apps (KB4493183)

      Source: Office January security updates fix remote code execution bugs