background preloader

Updates

Facebook Twitter

Windows RT 8.1 update pulled after it gives tablets the blue screen of death. If you like to stand out from the crowd then you may have taken the decision to set yourself apart from the legions of Android users and iOS fans when it came to choosing a tablet.

Windows RT 8.1 update pulled after it gives tablets the blue screen of death

Over the weekend those of you using a Windows RT device were probably looking forward to the thought of the impending update to version 8.1 of the operating system. That is, right up until the time you actually installed it. Windows Security Update Causing System Crash. A recent security bulletin released by Microsoft as part of the August 2014 Patch Tuesday can lead to a crash on some systems, the company said in a knowledge base article.

Windows Security Update Causing System Crash

Microsoft launched an investigation after a large number of users reported getting a so-called "blue screen of death" (BSOD) after installing update KB2982791 (MS14-045). MS14-045 fixes three Windows kernel-mode driver vulnerabilities that can be exploited by a local authenticated attacker to escalate privileges by running a specially crafted application. However, Microsoft says there are three known issues with this update: fonts are not installed in the default directory, fonts do not render correctly, and the system could crash with a 0x50 Stop error message (bugcheck). "Apparently, the BSoD is caused by incorrect handling of the Windows font cache file - and because that happens during boot-up, you end up stuck in a reboot loop," Sophos' Paul Ducklin explained in a blog post.

Previous Columns by Eduard Kovacs: The Return of BSOD: Does ANYONE trust Microsoft patches? The essential guide to IT transformation Patch early and patch often is the advice of security professionals when it comes to software updates.

The Return of BSOD: Does ANYONE trust Microsoft patches?

After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker? Yet sysadmins will be increasingly leery of applying such an approach to Windows systems following Microsoft's latest botch job. On 12 August Microsoft released 40 updates for Internet Exploder, Windows 7 and Windows 8 Pro. Very shortly afterwards people began reporting their Windows machines bricking – while others glimpsed something they hadn't seen in a very long time: the Blue Screen of Death. They were wrong. "I have spent about 8 hours looking into this and I found out that the error occurs when I install any of the following updates: KB2976897, KB2982791 and KB2970228. Tempers were running high.

Remond cries UNINSTALL in the wake of Blue Screens of Death™ Secure remote control for conventional and virtual desktops Microsoft has urged users to remove a buggy update and yanked its download links, after reports emerged it caused the dreaded blue-screen-of-death.

Remond cries UNINSTALL in the wake of Blue Screens of Death™

The fixes issued on Patch Update Tuesday addressed privelege escalation bugs but an apparent font cache clearing issue lead to Windows boxes turning the colour of a clear sky. The guilty patch run addressed 40 bugs across Internet Explorer and Windows 7 and Win 8 Pro other than Starter and Home Basic. At the time of writing 37 pages loaded with questions and narks about the borked updates were on an English Microsoft community forum. Three updates were pulled for download from the Microsoft website but two did not trigger blue screens, were not security-related nor recommended for uninstallation. Microsoft endures Patch Horror Day on Friday 13th – issues updates to 8 of 13 updates. Have you ever watched a cricket match on TV?

Microsoft endures Patch Horror Day on Friday 13th – issues updates to 8 of 13 updates

(North American readers: imagine a game of baseball with more swashbuckle and proper trousers.) If so, you'll know there's always a bit where one of the commentators says something like, "Swaandijve has been by far the most reliable outfielder in the Dutch team [*] over the last two seasons. " You know instinctively what's about to happen. As soon as the words are out of the expert's mouth, the hapless Mr Swaandijve drops a catch that even you or I could have taken with our eyes closed. Well, I've just taken my own Swaandijve. Last weekend, I made a joke about Friday the Thirteenth no longer implying anything in computer security circles except that it was a week with a Patch Tuesday in it. Unpatch Wednesday: Microsoft Pulls Flawed Exchange Server Patch. Just 24 hours after shipping a critical Exchange Server 2013 patch to cover several remote code execution vulnerabilities, Microsoft has yanked the update because it causes a corruption in the index database.

Unpatch Wednesday: Microsoft Pulls Flawed Exchange Server Patch

Microsoft is urging all Exchange Server 2013 users to hold off on deploying the patch until a corrected version can be issued. "Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Second time's a charm! Microsoft tries again with Active Directory patch. High performance access to file storage Microsoft made a second attempt to cleanly patch an "important" security flaw in its Active Directory Federation Services technology on Monday - days after yanking the original update for causing stability problems.

Second time's a charm! Microsoft tries again with Active Directory patch

The original MS13-066 upgrade caused the active directory service to stop working entirely in some cases. The second iteration of the security patch is, we are assured, a much more stable fix. Bear in mind it should applied to server software usually run within enterprise environments to provide corporate users with Single Sign-On access to internet applications and the like. "As the vulnerability it was attempting to fix had only been privately reported, and was not believed to be being exploited in the wild, it’s possible that the fix had actually turned into a bigger problem than the one it was attempting to solve – on Windows Server 2008 systems at least," notes security watcher Graham Cluley. Microsoft Botches More Patches In Latest Automatic Update. Microsoft Black Tuesday Patches Bring Blue Screens of Death. Windows 8.1 Update Crippling PCs With BSOD, Microsoft Suggests You Roll Back. Microsoft RE-BORKS Windows 7 patch after reboot loop horror.

Reports are emerging that a twice-issued Microsoft Windows 7 patch is still causing pain for users, with some claiming the fix is triggering continuous reboots.

Microsoft RE-BORKS Windows 7 patch after reboot loop horror

The patch was first issued as KB2949927 and withdrawn in October due to system faults, before being re-released this week as KB3033929. Sporadic reports across internet forums suggest the patch is causing pain on Windows systems, especially PCs that boot into two or more operating systems. The Register has sought confirmation of the problems from Microsoft. Redmond's initial hope was that the patch would bring SHA-2 code signing support for Windows 7 and Server 2008 R2 users whose operating systems did not previously include that functionality. Microsoft: Almost Half of Bug Disclosures Rated "Highly Severe" Organizations are constantly looking to obtain a “big picture” view of information security so that they can better protect themselves against digital threats.

Microsoft: Almost Half of Bug Disclosures Rated "Highly Severe"

To answer that call, a variety of companies regularly publish security trend reports in which they analyze how threats in the digital space are evolving. Some reports target specific kinds of threats, such as Lastline’s annual review of top malware trends. Others collect threat information from others to better understand the industry as a whole, like Verizon does in its Data Breach Investigations Report. Still others combine the two, relying on their own data to provide organizations with insight into overarching threat trends in the security industry. One such publication is Microsoft’s Security Intelligence Report. For more than a decade, the Redmond-based tech giant has been gathering data on threat trends. 1. 2.

Attackers used to favor Java exploits, but that no longer seems to be the case. 3. 4. 5. 6. 7. 8. 9.