Patch Tuesday April 2017

Patch Tuesday April 2017Patch Tuesday April 2017: lots of security showers for your business this month. Please take time this Easter to update all your devices.

Apple Bytes

Apple released a very important update for the iPhone in the last few weeks. This update prevents your phone from being hijacked by drive-by infected routers. Be sure to patch your iPhone as soon as possible.

Apple also released updates for iTunes, Garageband (yes, you can get hacked via Garageband, not a happy tune), mac OS X and all the Ithingys.

There is also a critical security update for Office for Mac. Hackers are exploiting a vulnerability in Word.

Windows 10 Creator Update

Microsoft released a massive update for Windows 10. Most of the changes are not visual so you won’t see the difference. Most of the changes are functional: improvements to Windows Defender, Edge browser and Windows Updates. With Windows Updates, you will finally be able to defer updates so they don’t bork your computer during business hours.

Windows 10 Creators Update pauseOther Microsoft Mayhem

Critical security patch for all versions of Office: yes, it’s 2017 and you can still get hacked via Word.

Microsoft also released patches for Edge, Internet Explorer, WordPad, .NET framework and the list goes on.

Expect these updates to slow down your network while they download and then busy your computer while they install.

Android Agony

Google released a critical update to prevents your phone from being hacked via drive-by wifi.

Five other patches released.

Please update your phone as soon as possible. Android is the next frontier in hacking.

Adobe Hot Flash

There’s a shocker: Adobe released updates yesterday for Flash, Reader and Creative Suite desktop application. Also Photoshop gets patched.

Patch your devices and enjoy your Easter in peace.

 

Patch Tuesday January 2017

Patch TuesdayPatch Tuesday January 2017: all the patch news you need for your business this month.

Patch Tuesday January 2017

First some general news. CVE Details, a group that tracks most of the tech world vulnerabilities, released their 2016 list of top vulnerabilities. Android had the most security holes last year but by vendor, Adobe tops the list mainly for Flash.

After analyzing the top list for 2016 by product and vendor, I recommend you patch Android devices first, then Apple devices (both iThingys and OS X devices) and then Microsoft. The reason why I picked Apple is that it is number 4 on the list per vendor (behind Microsoft) but people neglect Apple updates. And they underestimate the threat to Apple products. There are lots of ransomware apps and browser hijackers aimed at Apple products.

Adobe Agony

Adobe Reader UpdateWhat a surprise, yet another Hot Flash update from Adobe this month for both Windows and Mac users. And it fixes vulnerabilities Adobe says are not being used by hackers yet. Give the hackers a day to backwards engineer the patch.

The most appalling update from Adobe this month is for Acrobat and Reader. As usual Adobe is bundling crapware with this security update. But what they are concealing is that in the update is an add-in for Chrome which sends telemetry back to Adobe. So Adobe is using this update to spy on your browsing of PDFs files on the Internet.

You can uninstall this add-in in Chrome but really. This why people don’t like to run updates.

Microsoft Mayhem

Windows UpdatesIt’s 2017, and your computer can still be hacked via Word. It’s amazing.

Besides fixing a Word security problem, only three other updates from Microsoft this month.

I suspect this is a light load while they prepare the new big update for Windows 10 aka Creator’s Update that is due out in the next few months.

WordPress Woes

The WordPress core was just updated last month to version 4.7. And now there is version 4.7.1. This is a security update for vulnerabilities that are actively being hacked. Protect your website and update the WordPress core, all plugins and themes. Be sure to back up your site before you do the update.

An ounce of patching is better than a pound of hacking.

WordPress updates

Patch Tuesday November 2016

Patch TuesdayPatch Tuesday November 2016: lots of security goodness for all your business devices!

Apple bytes

Apple released updates for most of their devices at the end of October as part of their new product rollout. Even the Apple Watch and Apple TV got updates.

Most important were the security updates for OS X Sierra, El Capitan and Yosemite. Be sure to install that update ASAP.

iOS was updated to version 10.1.1. That update applies to iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later.

iTunes and iCloud for Windows were both updated.

Office for Mac was also updated for security by Microsoft.

Microsoft Updates

Microsoft released 14 patches this Tuesday affecting everything. Yes, it will take a long time to download these patches and yes you will have to restart the computer after.

Updates included patches for Office, Internet Explorer/Edge, and various parts of the operating system and the Microsoft version of Flash.

One of the patches fixes a security hole that hackers are actively exploiting.

Adobe Hot Flash

Another lunar cycle and another hot Flash security update from Adobe. Again this patch fixes a security hole that hackers are actively making merry with. You can get this patch directly here.

While there were no new updates for Adobe Reader/Acrobat this month (lots last month), Adobe released a security update for the Windows version of their Connect software.

Android Agony

Google released a big security patch that squashes 82 vulnerabilities for Android. Hopefully your Android vendor will push out the patch to your device.

One big vulnerability, known as “Dirty Cow” , is not yet patched. It’s expected for next month’s round of Android patches.

WordPress and Wix

WordPress core remains at 4.6 but version 4.7 is expected to land soon.

All the popular plugins have updates this month: backupbuddy, iThemes security, Yoast SEO, JetPack.

Check your dashboard monthly for updates

Wix websites need to be patched ASAP as a nasty security hole has been plugged. Check your dashboard or call your website designer to make sure your Wix website has been updated.

A ounce of patching is better than a pound of hacking.

 

 

Patch Tuesday October 2016

Patch TuesdayPatch Tuesday October 2016: all the patch news you need this month for your business.

Windows 10 Woes

Among the 10 patches/bulletins released one week, one of them is a show stopper for Windows 10. As folks have been updating I am getting calls of dead or looping Windows 10 computers. It’s usually happening to computers in 4 years old range. Still investigating but it looks like a patch and some antivirus products are conflicting in the boot process so the computer won’t get even close to the login screen. Yikes!

Other Microsoft updates

Internet Explorer/Edge browse received a big security update. Also all version of Office still supported. Just a reminder Microsoft officially only supports Office 2013, Office 2016 and Office 365 now.

Hot Flash

Another Hot Adobe Flash patch harvest this month. Please Adobe, can you fix your product? Windows updates Flash for Edge as part of Patch Tuesday but if you are running Firefox on top of Windows (like most sane people do) you need to update this separately from the Adobe web site here. Remember to uncheck all the unwanted crapware they insist on bundling with the security update.

Adobe also released security updates for Acrobat and Reader products. In the program, go to Help on the menu and click Check for Updates.

But wait, there’s more. Also an update for Creative Cloud desktop software.

These updates are for both Mac and Windows Users.

Apple forcefeeds Sierra

Unbelievably Apple has taken a page from Microsoft and will automatically download the new OS X Sierra to your Mac if you have updates enabled. Gee what could wrong? Just ask Windows users. Program compatibility issues, hardware issues to name the biggest annoyances.

WordPress Whirlwind

WordPress core is still at 4.3 but lots of updates for plugins. Be sure to backup your website before doing the updates. Also, do the plugin updates in small batches, no more than 3 at a time. Otherwise you can get WordPress wobbles.

Java Jive

Oracle released a critical update to Java October 18th. Java is a plugin required by some websites to work properly. Install this update as soon as possible. If it prompts you to remove the previous version of Java, say yes.

Oracle is being sued in the United States.for how they updated Java in the past without removing the previous buggy versions.

An ounce of patching is better than a pound of hacking.

Patch Tuesday July 2016 news: hot off the printer

Patch Tuesday July 2016Patch Tuesday July 2016 news: hot off the printer.

Hot print

Microsoft released 11 patches yesterday for all versions of Windows and Office, six of them critical.

The most important patched fixed a 20 year old printer driver vulnerability (yes, it goes all the way back to Windows 95).

Always get your printer driver directly from the manufacturer. Dodgy drivers pave the road to malware.

More details about the printer vulnerability here.

More details about all the Microsoft patches yesterday here.

It won’t take long for hackers to reverse engineer these patches, so schedule an hour this week to update your Windows and Office software.

Hot off the WordPress

Lots of WordPress updates this month.

WordPress itself is updated to version 4.5.3.

Lots of plugin updates followed this event:

  • BackupBuddy 7.1.5.1
  • Jetpack 4.1.1
  • Quiz and Survey Master 4.7.6
  • Yoast SEO 3.3.4
  • WordFence Security 6.1.1.0

Most important plugin update? The All-In-One SEO plugin was updated to fix a nasty vulnerability. More information on that update here.

Be sure to update your WordPress web site monthly. If you don’t know how to do this, please contact me. You don’t want clients or potential clients getting malware from your web site.

Hot Flash

Adobe patched Flash yesterday for a stunning 57 vulnerabilities. The update is required for Mac, Windows and even Linux.

As a security bonus, Adobe also patch Adobe Reader and Adobe Acrobat.

Norton Burn

Updated your antivirus software recently? Always good to check if the program itself needs updates (not just the virus definitions).

Norton/Symantec users definitely need to update their software this month after the discovery of a nasty targeting that software. More information about the Norton/Symantec program problem here.

Be sure to spend some time this week updating and patching all your devices. An ounce of patching prevents of a pound of hacking.

Patch Tuesday June 2016

Patch TuesdayPatch Tuesday June 2016: lots of Flashy updates this month for your small business.

Adobe Flash

Just uninstall Adobe Flash if you don’t need it. To find out if you need it, uninstall it. See what web sites you use are now broken.

There is one update for Flash today. But wait, there’s more.

There is a critical flaw even in the newest version that is being exploited by hackers. Adobe expects to release yet another patch on June 16th.

Adobe also released a security patch for Creative Cloud Desktop, both Mac and Windows version.

Android Agony

Google continues to release security updates for Android and the manufacturers and the telcos still can’t be bothered to push the patches out to people’s devices. Given that there are lots of Android hacks out there, this is borderline criminal. There’s even ransomware for Android based smart TVs now.

Samsung did release an update for the Galaxy 5 with promises that updates for Galaxy 6 are close behind.

Office and other Microsoft patches

Microsoft released updates for all version of Office (yes, this mean Mac versions too) today.

And five critical patches for Windows, Internet Explorer and the new Edge browser that comes with Windows 10.

Your Windows computer will restart at least once with this bundle of update joy.

WordPress

The WordPress core remains at version 4.5.2. But lots of updates for popular plugins.

Plugins recently updated:

  • Akismet spam filter
  • Jetpack
  • WooCommerce
  • Yoast SEO
  • Backup Buddy
  • Yoast SEO
  • Quiz and Survey Master.

Be sure to log in to your WordPress site and check for updates at least once a month.

Apple bites

Apple announced iOS 10 at it’s annual developer conference on the 13th. Lots of groovy features but not all iThingys are supported. Notably iPhone 4 will not be eligible for the upgrade.

Rumour is the iOS 10 will be available in the fall.

More iOS 10 and other announcements from the conference here.

 

Patch Tuesday May 2016

Patch Tuesday May 2016Patch Tuesday May 2016: Flash and lots of sizzle. Already there are two zero day vulnerabilities, one for a Microsoft update and one for Flash. Patch Microsoft now and uninstall Flash if you can.

Microsoft: More, more, more

Microsoft wins the Patch Tuesday race this month with 7 critical and 9 important security updates. Patches affect all current version of Windows and Office.

And our favourite hot Flash is getting a fix too. More technical details here.

Microsoft also released their Security Intelligence Report for July to December 2015. Most interesting detail is that hackers are still targeting  a six year old vulnerability in Windows 7 which has been patched eons ago.

The moral of that story is that you need to patch your existing operating system and upgrade to newer operating systems (vulnerability does not exist in Windows 8 or 10).

More Android Agony

Google released 40 patches for Android on May 2nd.

Twelve of the fixes patch critical vulnerabilities in version 4.4.4 and higher. About 74% of Android devices run Android 4.4.4 and higher.

Nexus devices (5, 6, 7 and 9) will get the updates automatically.

Otherwise you have to wait for your carrier and/or gadget manufacturer to okay the updates and push them out.

Avoid dodgy apps and unsolicited videos.

More details here.

Apple byte

Only one update from Apple this month for El Capitan v.10.11 or higher. This security update is for Xcode 3.1.1.

Plug your WordPress Plugins

No updates for WordPress itself but several updates for popular plugins.

Yoast SEO needs to be patched to version 3.2.5

Wordfence required patching to 6.17.

Quiz and Survey Master jumps from 4.7.0 to version 4.7.1.

Be sure to login to web site dashboard and patch all your plugins.

Adobe Reader Agony Again

Security updates for Adobe Reader DC and Acrobat.

You can update both programs by going to the Help menu and clicking on Check For Updates.

Patch Tuesday leads to Exploit Wednesday when you don’t patch.

Patch Tuesday April 2016

Patch TuesdayPatch Tuesday April 2016: April showers bring security yowlers.

Microsoft sprouts

Microsoft produced a lucky thirteen patches today. One of the patches only affects folks using the Hyper-V technology.

Lots of patch action for everyone else. One of the patches affects all versions of Office including Office for Mac. Several updates for the browsers, both Edge and Internet Explorer and all current versions of Windows (current means Windows 7, Windows 8 and Windows 10).

Hopefully none of these patches will bork Windows 10. Increasingly I am seeing clients with Windows 10 machines that are practically unusable after a Windows update.

Microsoft also released a security advisory for Windows folks using Microsoft wireless mouses. This includes the popular Sculpt and ergnomic models from Microsoft. Expect driver updates with your Windows updates.

More technical details on the Microsoft updates here.

Hot Flash Flowers

Adobe released yet another critical, urgent update for Flash last week. Get your update directly from Adobe and be sure to uncheck the crapware they’ve bundled with it. Applies to both Mac and Windows.

There’s also a security update for the Creative Cloud desktop application for both Mac and Windows. Adobe mentions you can update the program within the application but is light on details.

And one more update from Adobe, no not the hacker favourite Adobe Reader, this one is for the Windows version of RoboHelp server.

Apple Blossoms

Apple blossomed with updates March 21st as part of the new product rollout.

Critical updates for all iThingys, Apple TV, Apple Watch and Macs.

The update that caused problems for earlier iThingys has been fixed so it should be safe to update now.

More exhaustive details here.

Patch Tuesday April 2016

WordPress World of Updates

WordPress has leaped ahead to version 4.5.

Accordingly there are a ton updates for both themes and plugins.

Be sure to log in to your dashboard, backup your web site and update away.

 

Patch Tuesday March 2016

Patch Tuesday

Patch Tuesday March 2016: more security patch madness for your small business. Time to stop smelling the spring flowers and start updating your computers.

Android Agony

Google released a slew of security patches affecting Android version 4.4 and up. Most of them are rated critical or high security threat.

The only problem is that the hardware manufacturers are slow pushing these updates out to their phones if at all.

More details on the Android Security Agony.

Microsoft Mayhem

Windows updates and Office for Mac updates blossomed today. Thirteen in total.

It’s really critical to keep your Office software up to date as it is being favoured as a target by hackers right now.

One of the targets is an oldie but a goodie: malicious macros for Word. Remember not to open attachments from strangers. Absolutely do not enable macros.

More on the Microsoft updates.

Apple

After all the excitement last month, only one patch from Apple this month for Apple TV. Good opportunity to get caught up on last month’s patches for OS X and iOS devices if you haven’t done so yet.

In other Apple security news, hackers have created the first ransomware that specifically targets Mac OS X computers. I hope Apple will deal with this in next month’s updates.

Adobe Agony

Rumours abound that there will be yet another hot Flash update soon. But just in case you missed updating an Adobe products there are updates for Adobe Reader and Adobe Digital Editions.

WordPress Whirlwind

No update for the WordPress core this month but version 4.5 is now in beta and expected to be released in April. More details on WordPress 4.5 with screenshots.

Several popular plugins were updated this month including Akismet spam filter, iThemes Security, WordFence, BackupBuddy and Yoast SEO.

Be sure to login to WordPress dashboard and run the updates as soon as possible.

An ounce of patching is better than a pound of malware.

Patch Tuesday February 2016

Patch Tuesday February 2016Patch Tuesday February 2016: time to give your computers lots of security love.

WordPress Woo

The latest version of WordPress, version 4.4.2, was recently released with several critical security updates. Accordingly there are updates for lots of popular plugins to match.

Go to the your WordPress Dashboard and run your updates. Use BackupBuddy or VaultPress to backup your site before and after the updates.

If you don’t know how to do this, please contact me or your web designer for assistance. You don’t want your company web site spewing malware to potential clients.

Flash in the Pan

What a surprise! There’s a hot Flash update available to fix security problems again with Adobe Flash. Go to Adobe.com and click on Flash player for the update.

On the bright side Google announced that it will soon no longer allow Flash ads dousing a hot sore of malware.

Java Jive

Oracle released not one but two doses of security caffeine for Java in the last few weeks.

Go to www.java.com to update your Java. When it asks, say yes to uninstall old versions of Java from your computer.

Windows Woo

Tons of security updates from Microsoft for all current versions of Windows and Office produces. And even the Edge Browser.

The latest updates are causing some stability problems while updating Windows 10. The start button is non responsive. Use Ctrl-Alt-Delete key combination to update and restart the computer properly.

More on the Microsoft patches here.

Apple bites

Apple released security updates for El Capitan, Mavericks, Yosemite, iOS affecting iPhones and iPods, and even a security update for Apple TV.

Apple software updates are your new love this month.

Details here.

Show your digital devices some security love this week and patch away!