Martijn Lammerts
My own digital place with a little of everything

Another Spectre-Like CPU Vulnerability

22 May 2018
Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities. Spectre...
Continue reading...

Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities

9 May 2018

For May 2018, Microsoft’s monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.

The post Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities appeared first on .

Continue reading...

Microsoft’s April Patch Tuesday Fixes Remote Code Execution Vulnerabilities in Fonts and Keyboard

11 April 2018

Microsoft has rolled out its Patch Tuesday for April to address security issues in Internet Explorer (IE), Edge, ChakraCore, Visual Studio, Microsoft Office and Office Services and Web Apps, and Malware Protection Engine. Of the 67 listed vulnerabilities, 24 were rated critical. Eight of these were disclosed through Trend Micro’s ZDI program.

The post Microsoft’s April Patch Tuesday Fixes Remote Code Execution Vulnerabilities in Fonts and Keyboard appeared first on .

Continue reading...

4053440 – Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields – Version: 3.0

9 January 2018
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsoft Excel that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the up...
Continue reading...

4053440 – Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields – Version: 2.0

12 December 2017
Revision Note: V2.0 (December 12, 2017): Microsoft has released an update for all supported editions of Microsoft Word that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the u...
Continue reading...

4053440 – Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields – Version: 2.0

12 December 2017
Revision Note: V2.0 (December 12, 2017): Microsoft has released an update for all supported editions of Microsoft Word that allows users to set the functionality of the DDE protocol based on their environment. For more information and to download the u...
Continue reading...

4056318 – Guidance for securing AD DS account used by Azure AD Connect for directory synchronization – Version: 1.0

12 December 2017
Revision Note: V1.0 (December 12, 2017): Advisory published.Summary: Microsoft is releasing this security advisory to provide information regarding security settings for the AD DS (Active Directory Domain Services) account used by Azure AD Connect for ...
Continue reading...