Windows

Patch now! Microsoft releases fixes for 99 security flaws, some being actively exploited by hackers

It’s one of the largest Patch Tuesday updates ever issued by Microsoft, and includes fixes for 12 security vulnerabilities that have been given the highest severity rating of “critical.”

The clock is ticking. IT teams should waste no time in readying themselves for a roll-out across the Windows computers for which they’re responsible.

WhatsApp flaw gave hackers access to files from Windows and Macs

If you run WhatsApp’s desktop client on your Mac or PC then you would be wise to make sure it’s up-to-date, following the revelation that a security researcher uncovered a critical security flaw.

Windows 7 definitely won’t ever receive any more bug fixes (errm… apart from this one for its wallpaper)

We definitely definitely absolutely won’t ever ever be releasing any more updates for Windows 7, said Microsoft earlier this month.

Now there’s an update on its way to fix a cosmetic bug in how Windows 7 displays users’ desktop wallpaper…

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.

27% of Windows users are still running Windows 7. They need to stop now

At 11am PST (7pm UK), Microsoft will release its last ever Patch Tuesday updates for Windows 7. After today, Microsoft says it won’t release any more security patches for the ageing operating system.

tripwire.com

BlueKeep: What you need to know

Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.

But that may be about to change…

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.

bitdefender.com

Microsoft warns of wormable vulnerabilities in Windows

Microsoft’s security team warns that the remote code execution vulnerabilities could be abused by malware to spread from computer to computer without requiring any user interaction. Patch your systems now!

Read more in my article on the Hot for Security blog.

tripwire.com

Thousands of NHS computers are still running Windows XP from beyond the grave

Two years after the WannaCry ransomware outbreak shone a light on the computer security of the the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2,300 PCs running the outdated operating system.

Read more in my article on the Tripwire State of Security blog.

BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows

I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.

Prove me wrong. Patch now.

Smashing Security #131: Zap yourself from the net, and patch now against BlueKeep

Microsoft issues warning to unpatched Windows users about worm risk, and how do you delete all traces of yourself off the internet after you murder your podcast co-host?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system

Users have shared the private photos stored in their email and social networks with Ever – not realising that they were being used to feed a facial recognition system.

A third-party patch for Microsoft’s Internet Explorer zero-day vulnerability

Don’t want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.

bitdefender.com

It doesn’t matter if you don’t use Internet Explorer, you could still be at risk from this IE zero-day vulnerability

Even if you don’t use Internet Explorer any more, it may still be posing a potential risk by being installed on your Windows PCs.

Read more in my article on the Hot for Security blog.

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Hackers poison Asus software updates, may have infected one million PCs

Hundreds of thousands of Asus PCs may have been infected with malware installed by Asus’s own automatic Live Update tool.