Ars Technica: Four wormable bugs in newer versions of Windows need your attention now. “Microsoft is warning of a four new Windows vulnerabilities that are “wormable,” meaning they can be exploited to spread malware from one vulnerable computer to another without any user action in much the way the self-replicating WannaCry and NotPetya outbreaks did in 2017.”
Windows
Krebs on Security: Patch Tuesday Lowdown, July 2019 Edition
Krebs on Security: Patch Tuesday Lowdown, July 2019 Edition. “Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.”
Neowin: Microsoft’s Chromium-based Edge browser now available for Windows 7, 8, and 8.1
Neowin: Microsoft’s Chromium-based Edge browser now available for Windows 7, 8, and 8.1. “Microsoft first started offering public previews of its new Chromium-based Edge browser over two months ago. At the time, it was for AMD64 Windows 10 PCs only, but since then, it’s expanded to x86 Windows 10 PCs, and to macOS. Today though, the firm announced that you can now test out the browser on older versions of Windows, including Windows 7, Windows 8, and Windows 8.1.”
Patch Tuesday: Here’s what’s new for Windows 7 and 8.1 (Neowin)
Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and 8.1. “Today is Patch Tuesday, the second Tuesday of the month when Microsoft releases updates for all supported versions of Windows. While that means that all but one version of Windows 10 got cumulative updates, older versions like Windows 7 and Windows 8.1 get updates as well. If you’re still on Windows 7 SP1 or Windows Server 2008 R2 SP1, you’ll get KB4503292 as this month’s rollup.”
SecurityWeek: Google Researcher Finds Code Execution Vulnerability in Notepad
SecurityWeek: Google Researcher Finds Code Execution Vulnerability in Notepad. “Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor. Ormandy says he has reported his findings to Microsoft and the company has been given 90 days – per Project Zero’s vulnerability disclosure policy – to release a patch. Details of the security hole will be made public after 90 days or possibly sooner if Microsoft rolls out a fix.”
Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw
Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw. “In a Blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two years, respectively.”
ZDNet: Microsoft kicks off the rollout of the Windows 10 May Update, version 1903
ZDNet: Microsoft kicks off the rollout of the Windows 10 May Update, version 1903. “It’s technically ‘late May.’ So it’s not too surprising that Microsoft’s promised late May rollout of the Windows 10 May 2019 Update (also known as 1903) is kicking off today, May 21. “
