Optimal Security : the Lumension Blog

As expected, we have a large release from Microsoft covering 15 bulletins, 9 of which are critical. This will be a disruptive Patch Tuesday given the broad range of products impacted and the required restarts. Initial priorities should always be the 9 critical vulnerabilities followed by the remaining balance of important and moderate patches. 
August Critical [...]

As more malware writers began to incorporate the Microsoft LNK issue (CVE-2010-2568) into their malicious code, Microsoft last week published a workaround and is [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this July 2010 Patch Tuesday Security Briefing.

Microsoft announced that they have released four security bulletins to address five separate current vulnerabilities. Especially concerning this month is the fact that all three bulletins rated “critical” also rate a “1” on Microsoft’s exploitability index (with MS10-042 addressing a vulnerability that is actively being exploited.)  Additionally, MS10-043 requires a reboot and affects Windows Server [...]

I recently helped a friend set up her new Win7 box – it was a breeze, especially when compared to (or perhaps because of) the Vista lappie I set up for her a couple of years back. We had to do it because her old box was still running WinXP SP2 – and we couldn’t [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this June 2010 Patch Tuesday Security Briefing.

It might be the start of summer, but there was little sunshine from Microsoft on Tuesday, as the company warned users that they have released ten security bulletins — three of which are critical, seven are rated important and all of which include an explicit or possible restart warning. The impact will be felt enterprise-wide, [...]

Identity theft is not the only concern associated with the decline in privacy at Facebook. The increased publicly available personal information on Facebook will undoubtedly fuel enterprise spear phishing attacks. Why hack the enterprises’ perimeter security when you can simply trick an insider into opening a file that installs malware?
The erosion [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this May 2010 Patch Tuesday Security Briefing.

Microsoft has released two security bulletins this month, MS10-030 and MS10-031 to address two vulnerabilities in Microsoft Windows and Microsoft Office, both rated Critical. As both bulletins are rated as critical, they will both demand a high priority in their deployment across the enterprise.
Details:
MS10-030 resolving one vulnerability affecting Outlook Express, Windows Mail and Windows Live [...]