Trending February 2024 # Windows 10 April Patch Tuesday # Suggested March 2024 # Top 11 Popular

You are reading the article Windows 10 April Patch Tuesday updated in February 2024 on the website Cancandonuts.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested March 2024 Windows 10 April Patch Tuesday

Windows 10 April Patch Tuesday [DIRECT DOWNLOAD LINKS]

3

Share

X

Once a month, Microsoft releases a round of major updates called the Patch Tuesday Updates.

Each version of Windows 10 has a different cumulative update, each with its own changelog.

We will be providing you with changelogs, as well as links to the Windows Update Catalog.

Based on your version of Windows 10 and the changelog, you can decide whether to install the update or not.

Now that the 13th of April is here and it’s past 10 AM PST, Microsoft has just released their newest round of monthly updates called the April Patch Tuesday Updates.

For those of you that don’t know, Patch Tuesday updates are an important part of the Windows update experience, since they bring tones of fixes and enhancements to the OS, along with security improvements.

Well, this month’s updates are no different, and not only will we be including detailed changelogs for each cumulative update, but we will also be providing you with direct download links to the Windows Update Catalog.

This is so that you can get the updates as soon as they become available, even if they aren’t yet available in your region.

Table of content Windows 10, version 20H2

As of the writing of this article, Windows 10 v20H2 is the latest major version of Windows 10, and as such has the most experimental features on it.

Fortunately, most bugs that were first present when it was first made available have been weeded out, and this version of Windows 10 is far more stable.

That being said, you should upgrade to this version as soon as possible if your hardware allows it (the system requirements are the same as with Windows 10 v2004).

If you haven’t updated to Windows 10 v20H2, know that it is easiest to update if you already have Windows 10 v2004. Check out this in-depth guide on how to get Windows 10 v20H2 as fast as possible.

Cumulative update name:

Improvements and fixes:

Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2024-17049 protections and configured PerfromTicketSignature to 1 or higher.

These updates were released between November 10, 2023 and December 8, 2023. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.

Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2024-1036 and KB4570006.

Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2024 and Windows Server 2023) and Windows Server SAC releases (Windows Server, version 1803 and later versions).

Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2024-27092 and Policy CSP – Authentication.

Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media.

Known Issues:

System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10.

Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2023 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2023 or later integrated.

This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

Tip

When using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.

Tip

Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2023 or later.

Tip

Windows 10, version 2004

Windows 10 v2004 shares the same core system as Windows 10 v20H2, so all updates, fixes, and improvements applied to one are the same as the other.

Cumulative update name:

Same as Windows 10 V20H2

Improvements and fixes:

Same as Windows 10 V20H2

Known Issues:

Same as Windows 10 V20H2

Windows 10, version 1909

Windows 10 v1909 shares a core structure, core operating system, and an identical set of system files with Windows 10 v1903.

Because of this, all cumulative updates that apply to one version are available to the other as well.

Cumulative update name:

Improvements and fixes:

Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2024-17049 protections and configured PerfromTicketSignature to 1 or higher.

These updates were released between November 10, 2023 and December 8, 2023. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.

Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2024-1036 and KB4570006.

Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2024 and Windows Server 2023) and Windows Server SAC releases (Windows Server, version 1803 and later versions).

Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2024-27092 and Policy CSP – Authentication.

Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.

Known Issues:

System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10.

Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2023 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2023 or later integrated.

This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

Tip

Windows 10, version 1809

According to Microsoft, users that still have the Home, Pro, Pro for Workstation, and IoT Core editions of Windows 10 V1809 should know that it reached End of Service back in November 2023.

Cumulative update name:

Improvements and fixes:

Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2024-17049 protections and configured PerfromTicketSignature to 1 or higher.

These updates were released between November 10, 2023 and December 8, 2023. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.

Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2024-1036 and KB4570006.

Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2024 and Windows Server 2023) and Windows Server SAC releases (Windows Server, version 1803 and later versions).

Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see CVE-2024-27092 and Policy CSP – Authentication.

Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.

Known Issues:

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

Windows 10, version 1803

Microsoft first announced that Windows 10 v1803 will reach the end of mainstream support, and starting with July there wouldn’t be any more optional, non-security releases for this version of Windows 10.

Expert tip:

Cumulative update name:

Improvements and fixes:

This security update includes quality improvements. Key changes include:

Updates the default values for the following Internet Explorer registry keys:

svcKBFWLink = “” (empty string)

svcKBNumber = “” (empty string)

svcUpdateVersion = 11.0.1000.

    In addition, these values will no longer be updated automatically. 

Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.

Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.

Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2024-1036 and KB4570006.

Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2024 and Windows Server 2023) and Windows Server SAC releases (Windows Server, version 1803 and later versions).

Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.

Security updates to the Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.

Known Issues:

Microsoft is not currently aware of any issues with this update.

Windows 10, version 1607

Note: Windows 10, version 1607 has reached the end of service for all of its available editions. Update to the latest version of Windows 10 in order to keep your system protected.

Cumulative update name:

Improvements and fixes:

This security update includes quality improvements. Key changes include:

Updates the default values for the following Internet Explorer registry keys:

svcKBFWLink = “  ” (string with one empty space)

svcKBNumber = “  ” (string with one empty space)

svcUpdateVersion = 11.0.1000.

    In addition, these values will no longer be updated automatically. 

Address an issue that causes a system to stop working occasionally when users sign out or disconnect from remote sessions.

Addresses an issue with a heap leak that might cause  chúng tôi  to consume high amounts of memory.

Updates the Volgograd, Russia time zone from UTC+4 to UTC+3.

Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan.

Addresses a race condition that causes PowerShell to stop working periodically and generates an Access Violation error. This issue occurs when you enable transcription on the system and run multiple PowerShell scripts simultaneously.

Addresses an issue that causes the sleep time defined in HKLMSoftwareMicrosoftAppVMAVConfigurationMaxAttachWaitTimeInMilliseconds to be shorter than intended.

Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2024-17049 protections and configured PerfromTicketSignature to 1 or higher.

These updates were released between November 10, 2023 and December 8, 2023. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.

Addresses an issue with high memory usage when performing XSLT transforms using MSXLM6.

Addresses an issue in  chúng tôi  that might cause stop error 0x7E.

Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2024-1036 and KB4570006.

Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2024 and Windows Server 2023) and Windows Server SAC releases (Windows Server, version 1803 and later versions).

Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.

Security updates to Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, and Windows Media.

Known Issues:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Windows 10, version 1507

Note: Windows 10, version 1507 is the oldest version of Windows 10 still active, and it has reached the end of service for some time now.

If your hardware allows it, update to a much newer version of Windows 10.

Cumulative update name:

Improvements and fixes:

This security update includes quality improvements. Key changes include:

Updates the default values for the following Internet Explorer registry keys:

svcKBFWLink = “  ” (string with one empty space)

svcKBNumber = “  ” (string with one empty space)

svcUpdateVersion = 11.0.1000.

     In addition, these values will no longer be updated automatically. 

Updates the Volgograd, Russia time zone from UTC+4 to UTC+3. 

Adds a new time zone, UTC+2:00 Juba, for the Republic of South Sudan. 

Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the RemoteFX vGPU feature. For more information about the vulnerability and its removal, see CVE-2024-1036 and KB4570006.

Secure vGPU alternatives are available using Discrete Device Assignment (DDA) in Windows Server LTSC releases (Windows Server 2024 and Windows Server 2023) and Windows Server SAC releases (Windows Server, version 1803 and later versions).

Addresses an issue that prevents you from specifying up to 255 columns when you use the Jet Text installable indexed sequential access method (IISAM) format.

Security updates to Windows Apps, Windows Input and Composition, Windows Office Media, the Windows AI Platform, Windows Fundamentals, Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.

Known Issues:

Microsoft is not currently aware of any issues with this update.

This completes our articles covering the latest changes to come this Patch Tuesday. Depeinding on what version of Windows 10 you’re running, applying the latest cumulative updates may seem more or less appealing.

However, if you value your PC’s security and don’t want to fall victim to things like Exploit Wednesday or Uninstall Thursday, you should get the latest updates as soon as possible.

Speaking of getting the updates, manually installing the cumulative updates via the Windows Update Catalog isn’t the only means of updating your PC.

Remember that you can update your Windows 10 Pc by using the following methods:

The Windows Update menu on your OS

The WSUS (Windows Server Update Service)

Group Policies set up by your admins if you’re part of a larger network.

Alternatively, there’s also the option of postponing the updates until you see more promising changelogs.

During this time, you can opt to protect your system using third-party antivirus tools.

Was this page helpful?

x

Start a conversation

You're reading Windows 10 April Patch Tuesday

Microsoft Patch Tuesday Kills Off Windows 8 And Internet Explorer 8, 9, And 10

You’ve heard of Christmas in July. Well how about spring cleaning in January? Microsoft is kicking off 2024 with arguably its most significant Patch Tuesday in months. As of today, Microsoft bids goodbye to all but one version of Internet Explorer and a Windows release it would rather forget.

The biggest item on the chopping block is Windows 8. Not Windows 8.1—that sweeping update is still supported—but the original, non-Start button version of Windows 8. After Tuesday’s updates, Microsoft will cease support for the 3 year, 2 month, and 17-day old operating system. That means Windows 8 is going the way of Windows XP; no more security updates, no bug fixes, nothing.

Users still on Windows 8 will have to upgrade to Windows 8.1 or make the jump to Windows 10. Both are free upgrades for Windows 8 users at this writing. That may be problematic for some if you have an oddball PC that is no longer supported by a manufacturer and thus missing drivers for a smooth experience. Other than that small minority of users, everyone else should dump Windows 8 as soon as possible.

If you’re going from Windows 8 to Windows 8.1, remember that the upgrade happens via the Windows Store and not Windows Update.

The story behind the story: Windows 8 was supposed to be a revolutionary OS that had two different interfaces, built to run on both PCs and tablets. The idea was inherently flawed and ultimately failed. Microsoft tried to improve the situation by adding features PC users wanted in Windows 8.1, but it really wasn’t until Windows 10 that Microsoft’s vision of a single OS running everywhere came to satisfying fruition.

IE goes to eleven

There can be only one.

Windows 8 is going to have some company in the dustbin of history. Microsoft plans to discontinue almost all support for Internet Explorer 8, 9, and 10. This issue only affects Windows 7 users who haven’t upgraded to IE11, and Windows 8 users who must upgrade to Windows 8.1 or 10 to get the latest version of IE.

Everyone else—Windows 8.1 and Windows 10 users—already have IE11 as it came built into their systems. In fact, Windows 10 users are barely affected since the built-in browser of choice for Microsoft’s latest OS is the new Edge browser.

If you can’t be bothered to check don’t sweat it. A patch rolling out today for Windows 7 will detect the version of IE you have and then continue to bug you until you upgrade.

The only exception to the end of IE versions 8 through 10 will be Windows Vista, which will continue to get support for Internet Explorer 9. IE9 was the last version of the browser built for the OS. But that support won’t run for much longer. Microsoft will end support for Vista in April 2023, which means the OS will cease receiving security updates all together—just like Windows 8 and XP.

Microsoft’s latest round of security patches start rolling out Tuesday but may take a few days before they land on your system.

Record Patch Tuesday Hits Older Software Hardest

Today is Microsoft’s monthly Patch Tuesday, and as predicted October sets a new record for security bulletins in a single month. More than ever, IT admins need to understand the risks and prioritize the various patches to effectively manage the deluge of updates, and protect vulnerable systems as efficiently as possible. This month also demonstrates yet again that legacy software is inherently less secure.

Storms added “This month it’s more important than ever to be able to prioritize the release. The Internet Explorer bulletin along with the Embedded OpenType bug fixes should make it to the top of the list for everyone because they can both be used for dangerous drive-by attacks. Consumers and corporate enterprise teams must make sure these patches get installed as quickly as possible.”

James Walter, manager of the McAfee Threat Intelligence Service points out, “The volume is indicative of a trend we are seeing among various software vendors. As the awareness of vulnerabilities increases, the number of patches gets bigger as well.”

Jason Miller, data and security team leader for Shavlik Technologies, has a more detailed explanation for the dramatic rise in security bulletin volume. “There are a couple of factors that are coming into play for this. First, Microsoft is the grandfather of patching and has spent years refining their process to develop the mature patching process we see today. Second, Microsoft is working closer than ever with security researchers in their Coordinated Vulnerability Disclosure (CVD) program.”

Miller continued, “By working with researchers, Microsoft is closing the gap on the time to release fixes for vulnerabilities found. This is a key factor that a lot of people have been asking for, so we shouldn’t be too surprised that we are seeing an uptick in security bulletins.”

Joshua Talbot, security intelligence manager, Symantec Security Response provided this analysis. “Perhaps most notable this month is the number of vulnerabilities that facilitate remote code execution. By our count, 35 of the issues fall into this category. These are bugs that could allow an attacker to run any command they wish on vulnerable machines.”

While consumers should simply use the Windows Automatic Update to check for and apply any necessary patches, IT admins generally don’t have it so easy. Software updates have to be tested and validated to ensure they don’t have bugs themselves, or cripple functionality for other applications. With such a large number of updates to address all at once, it is critical for IT admins to review the Severity and Exploitability Index provided by Microsoft, and apply the information based on the exposure and risk to critical systems to develop a logical approach to implementing the patches.

As nCircle’s Tyler Reguly points out, the bigger issue is that once again the writing is on the wall illustrating why businesses need to focus on upgrades and migrating to newer operating systems and applications that have better inherent protection and security controls. “The most important message this month is ‘upgrade’. This month should be a wakeup call for anyone still running Office XP, the number of vulnerabilities affecting only that product are a clear indicator that it’s time to upgrade to a newer version, perhaps Office 2010, which has only a single CVE affecting it.”

Get Ready For The October 2023 Adobe Patch Tuesday Updates

Get ready for the October 2023 Adobe Patch Tuesday updates

233

Share

X

Are you waiting on your monthly Patch Tuesday update rollout?

Adobe has just finished releasing a new set of patches today.

All the download links you need are right here in this article.

X

INSTALL BY CLICKING THE DOWNLOAD FILE

To fix Windows PC system issues, you will need a dedicated tool

Fortect is a tool that does not simply cleans up your PC, but has a repository with several millions of Windows System files stored in their initial version. When your PC encounters a problem, Fortect will fix it for you, by replacing bad files with fresh versions. To fix your current PC issue, here are the steps you need to take:

Download Fortect and install it on your PC.

Start the tool’s scanning process to look for corrupt files that are the source of your problem

Fortect has been downloaded by

0

readers this month.

We’re pretty sure that many of you have been anxiously waiting for the Adobe Patch Tuesday rollout, and we’re here to make it a bit easier for you to find what you’re looking for.

Indeed, Microsoft isn’t the only company that has such a rollout on a monthly basis, so in this article, we’re going to talk about Adobe and some of the patches for their products.

And, as you know we do every month, we will also include links to the download source, so you don’t have to scour the internet to find them.

Before we begin, let’s also take a look at what happened in September 2023, when Adobe released 63 CVEs in four patches for InDesign, InCopy, and Photoshop.

The highlight of last month’s release was definitely the Photoshop update which addressed a combination of 10 CVEs, nine of which are rated as critical.

It should absolutely go without saying that the most severe of these could allow code execution if an attacker convinces a target to open a specially crafted file.

Now that that’s out of the way, let’s get back to the present and explore what the company has prepared for its users as a part of the October batch of patches.

ColdFusion

The fix issued for Adobe for ColdFusion seems to be the most critical, with multiple CVSS 9.8 code execution bugs being addressed.

Know that there is also a fix for a bug in the Admin Component service, which uses a hard-coded password for the administrator user.

That being said, an attacker can leverage this vulnerability to bypass authentication on the system. Hard to imagine hard-coded credentials have existed in the product for so long without being discovered.

ProductUpdate numberPlatformColdFusion 2023Update 14 and earlier versions    AllColdFusion 2023Update 4 and earlier versionsAll

Commerce & Magento

Moving on, we are going to take a closer look at the Commerce and Magento update, which addresses only one bug, but it’s a CVSS 10.

Thus, if you’re using either of these products, ensure you test and deploy this quickly to fix the stored cross-site scripting (XSS) bug.

ProductVersionPlatform Adobe Commerce2.4.4-p1 and earlier versions  All2.4.5 and earlier versions  AllMagento Open Source2.4.4-p1 and earlier versionsAll2.4.5 and earlier versions  All

Acrobat & Reader

We had an update for this app last month as well, so many users were actually confused to see another one this month.

The October patch for Acrobat and Reader was designed to fix six bugs, with the most severe being stack-based buffer overflows that could lead to code execution.

Using this bug, a threat actor would need to trick someone into opening a specially crafted PDF to get arbitrary code exec.

Adobe Dimension

Adobe also released a fix for Dimension that corrects nine bugs, eight of which are rated critical. Most of these are file parsing bugs and would require user interaction to exploit.  

We should also mention that none of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release.

Furthermore, the company actually categorizes these updates as a deployment priority rating of 3, in case you were wondering.

This is what you are looking at in terms of Patch Tuesday releases for Adobe for the month of October 2023, so hurry up and get the software.

Was this page helpful?

x

Start a conversation

Patch Tuesday Updates Fix Critical Flaws In Ie And Directshow

Microsoft’s Patch Tuesday for June 2010 is here. Microsoft released a total of 10 new security bulletins, addressing 34 separate vulnerabilities, including critical flaws in DirectShow and the Internet Explorer Web browser. Let’s turn to some industry experts and security professionals for additional insight on the Microsoft security bulletins, and perspective on how to prioritize and protect against the potential threats.

Seven of the security bulletins are rated as Important, while the remaining three are Critical. The Critical security bulletins include MS10-033 for DirectShow, and MS10-035 which addresses six different vulnerabilities in Internet Explorer.

Joshua Talbot, security intelligence manager for Symantec Security Response, points out that “This is the largest Microsoft patch release of 2010 and ties the record for the most vulnerabilities ever addressed in a single month; a record set in October of last year. This month’s release also features the largest ever single bulletin, with 14 vulnerabilities in Excel being addressed together.”

“Another Microsoft Patch Tuesday, another list of the usual suspects: Internet Explorer, Media Player, Office. Sadly, you no longer have to be psychic to figure out what’s coming. If I wasn’t in security, I’d be starting to wonder if it was time to go back to pen, paper and encyclopedias” mused Tyler Reguly, lead research engineer to nCircle.

Andrew Storms, director of security operations for nCircle, says “Generally, whenever Microsoft patches IE, it’s the top priority to deploy and this rule-of-thumb is doubly true this month. Along with patching a previously disclosed bug, Microsoft is patching a number of other critical security issues in IE this month, including their PWN2OWN bug from CanSec West.”

Storms added the following mitigating factors, though. “Critical bugs are still being found in IE8 and Windows 7, but they are harder to exploit because of Microsoft’s mitigation technologies. The underlying bugs are still there, but IE protected mode, Windows DEP and ASLR make them much far less attractive to hackers.

Qualys CTO Wolfgang Kandek explains in a blog post “MS10-032 addresses a local escalation of privilege vulnerability. While it is not remotely exploitable through any Microsoft product, third-party applications could expose it and provide a remote attack possibility.”

Kandek also clarifies “MS10-040 is a remotely exploitable vulnerability in all versions of IIS, but it is present only if the administrator has downloaded and installed the Channel Binding Update and enabled Windows Authentication. It further requires an account on the system, reducing the number of vulnerable hosts to a small subset.”

nCircle’s Reguly contributed this additional insight “As a researcher, I find MS10-041 and MS10-040 very interesting, although they are probably the least dangerous for the end user. Patches for MS10-035, which includes public vulnerabilities, and MS10-033 should probably be highest on most people’s priority lists because they include at least one public vulnerability and are likely to see published exploits in the next couple of weeks.”

“Aside from ensuring complete protection is running, computer users need to use common sense and avoid the dark alleys of the Internet as well as second guess and documents or links they are sent, including those that appear to come from friends, family or coworkers,” McAfee’s Marcus concluded.

A Microsoft spokesperson shared the following insight from Microsoft. “As always, Microsoft recommends that customers test and deploy all security updates as soon as possible to help protect their computers from criminal attacks. Specifically, Microsoft recommends customers prioritize deployment of MS10-033, MS10-034, and MS10-035.”

You can follow Tony on his Facebook page , or contact him by email at . He also tweets as @Tony_BradleyPCW .

Follow Tech Audit on Twitter.

Eve Online Patch 119.3: Here’s What’s New

EVE Online Patch 119.3: Here’s what’s new

885

Share

X

True gamers use the best gaming browser: Opera GX

Opera GX is a special version of the famous Opera browser that is built specifically to fulfill gamer’s needs. Packed with unique features, Opera GX will help you get the most out of gaming and browsing everyday:

CPU, RAM and Network limiter with hot tab killer

Integrated with Twitch, Discord, Instagram, Twitter and Messengers directly

Built-in sound controls and custom music

Custom color themes by Razer Chroma and force dark pages

Free VPN and Ad blocker

Download Opera GX

Eve Online is a sweet spot for all sci-fi multiplayer online role-playing fans. The game established itself as the leader of the genre and received critical recognition for it. Moreover, with the frequent patches, the game gets even better.

The latest patch brings out mild changes to the overall experience but also addresses balancing and bugs. Besides that, the game receives a few cosmetic improvements with the new sound theme. For that reason, we prepared a summary of main changes and fixes so you’ll know what to expect.

EVE Online Patch 119.3 changes summary Repair service

With this patch, players are able to use the ability to repair items in Upwell structures just like they usually did in services around the cluster. With this change, you’ll be able to repair drones, modules, and ships for free in Citadels, future Upwell Structures, and Engineering Complexes.

Improved scanning system

There are a lot of structural changes to the capsuleer’s scanning system. Compared to the previous version, players will enjoy the better visibility with a better-optimized color scheme. Additionally, the user interface is vastly improved for more easily deploying, managing and moving probes.

Rorqual and Mining improvements

Rorquals and Mining drones received balance changes. The mining tweaks reduced cycle times and yields for excavator mining drones. Tech two mining drones now gather greater benefits from Mining Drone Specialization Skills. Moreover, you can configure hotkeys to launch and control drones. Changes are also affecting PANIC defensive module which now requires active target lock on an ice deposit or asteroid before it can be activated.

Balancing

These are the notable balance changes in the new patch.

Fighters – Increased signature radius. Wyvern and Hell class supercarriers increased hangar bay size.

Heavy Interdictor –  Propulsion scrambling effect from Focused Warp Disruption script to Focused Warp Scrambling script. You can now select one of the 3 Warp Disruption Field generators with different traits.

Mobile Warp Disruptor – Mobile Warp Disruptors now generate killmails when destroyed and will self-destruct if unattended for longer periods of time. Additionally, shield regeneration and hitpoints have been rebalanced, too.

Bust Projector – Increased duration of their effects.

Fighter UX improvements

Fighter UX is also largely improved and optimized. These improvements include:

Improved info details and tooltips.

Support for estimated fighter damage per second.

Fewer Busy Squadron messages.

Cosmetics

A lot of interesting redesigns are also included in the patch. Besides some secondary aesthetic changes, there is some major remodeling of the Chimera and ORE Vessels. The Chimera received a new beautiful hull model with a smoother and more detailed look. Its model now features same textures technology as citadels. When it comes to ORE Vessels, they received a texture update with additional details and better paint layer spread.

Besides these notable changes, this patch brings match more. The players will be especially happy with the change to cargo holds. Namely, the cargo holds of ships maintenance arrays and bays are expanded so you can now store boosters, liquid ozone, and strontium in addition to charges.

You can find the detailed patch notes with complete changes here. All of these are quite an improvement for the already great game. It seems that the developers are doing a great job. You can expect this patch on 14th of March.

RELATED STORIES YOU NEED TO CHECK OUT:

Still experiencing issues?

Was this page helpful?

x

Start a conversation

Update the detailed information about Windows 10 April Patch Tuesday on the Cancandonuts.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!