Patch Tuesday: Here’s what’s new for Windows 7 and 8.1 (Neowin)

Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and 8.1. “Today is Patch Tuesday, the second Tuesday of the month when Microsoft releases updates for all supported versions of Windows. While that means that all but one version of Windows 10 got cumulative updates, older versions like Windows 7 and Windows 8.1 get updates as well. If you’re still on Windows 7 SP1 or Windows Server 2008 R2 SP1, you’ll get KB4503292 as this month’s rollup.”

SecurityWeek: Google Researcher Finds Code Execution Vulnerability in Notepad

SecurityWeek: Google Researcher Finds Code Execution Vulnerability in Notepad. “Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor. Ormandy says he has reported his findings to Microsoft and the company has been given 90 days – per Project Zero’s vulnerability disclosure policy – to release a patch. Details of the security hole will be made public after 90 days or possibly sooner if Microsoft rolls out a fix.”

Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw

Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw. “In a Blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two years, respectively.”

Bleeping Computer: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

Bleeping Computer: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler. “Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft’s monthly cycle of security updates. This exploit is the fifth in a string that started in late August last year. It achieves local privilege escalation, granting a limited user full control over files reserved for full-privilege users like SYSTEM and TrustedInstaller.”

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack

Threatpost: Microsoft Patches Zero-Day Bug Under Active Attack. “Among the other critical bugs patched, system administrators are urged to immediately deploy fixes for a Remote Desktop Services remote code-execution vulnerability (CVE-2019-0708). The bug is notable for a number of reasons. One, it’s a ‘wormable’ flaw and has the potential to be exploited in a fast-moving malware attack similar to WannaCry. As a testament to its potential for havoc, Microsoft has also gone the extra step in deploying patches to Windows XP and Windows 2003 for the bug, neither of which is still supported via monthly Patch Tuesday updates.”

Patch Tuesday: Here’s what’s new for Windows 7 and Windows 8.1 (Neowin)

Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and Windows 8.1. “Today is the second Tuesday of the month, meaning that all supported versions of Windows get updates. While that means that most versions of Windows 10 get their cumulative updates, there are also updates for older versions like Windows 7 and Windows 8.1.”