Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft’s Malware Protection Engine Vulnerable

    Posted on December 7th, 2017 at 02:23 Kirsty Comment on the AskWoody Lounge

    Gunter Born has posted a new topic here on a vulnerability in Defender & Security Essentials:

    I received this night (Germany) a notification from Microsoft about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the link within Microsoft’s Update Catalog are broken.

    He is calling for information and insights. Can you help?

    Check it out here:
    Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    UPDATE:

    Defender and MSE are updating itself – and it seems that yesterday the Security module has been updated.

  • Is Wi-Fi security irretrievably broken?

    Posted on October 15th, 2017 at 19:45 woody Comment on the AskWoody Lounge

    There’s a lot of buzz this weekend about a flaw that’s purported to break security on most Wi-Fi connections, allowing an eavesdropper to snoop or use the connection without permission.

    Said to involve CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088, when they’re posted.

    See this thread from @campuscodi and be watching Bleepingcomputer tomorrow for details.

  • Microsoft Edge has inherited many of Internet Explorer’s security holes

    Posted on December 9th, 2015 at 11:47 woody Comment on the AskWoody Lounge

    Looking at recent patch lists for IE and Edge has me wondering how many of IE’s warts will continue to haunt us

    InfoWorld Woody on Windows

  • Ten bulletins, 31 patches, a million potential problems

    Posted on June 10th, 2009 at 07:06 woody Comment on the AskWoody Lounge

    There’s a huge crop of patches waiting for you, covering 31 separate vulnerabilities, and I dunno-how-many different downloads.

    As usual, the best overview is at the SANS Internet Storm Center.

    Bottom line (tell me if you’ve heard this one before): don’t use Internet Explorer. Apparently none of the bad problems (except the ones in IE) have exploits that you need to worry about. Don’t apply any patches until the screams have subsided.

    We remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    Oh. Don’t forget to patch Acrobat Reader, if you have it. Adobe just fixed 13 security holes in Reader. You could take advantage of the unease you’re feeling right now and install Foxit reader, which works just fine most of the time and has a significantly better track record for fixing security holes.

    An interesting note: several of you have asked how Microsoft and industry pundits count the number of bugs: Gregg Keizer at ComputerWorld reports, for example, that this monster set of patches fixes 31 security holes – a record, by his estimation. Brian Krebs at the Washington Post echoes the statement. Brian credits Symantec.

    All of these people are counting the number of CVEs that Microsoft claims to fix in the security bulletins. CVEs are “Common Vulnerabilities and Exposures” listed and maintained by the MITRE organization, which is an independent non-profit originally associated with MIT. Each CVE number corresponds to one or more identified security holes. While the CVE count is a better indicator of how many holes have been patched than the number of security bulletins, it frequently doesn’t differentiate between different versions of programs, and other subtleties.