Microsoft and Google postpone insecure authentication removal

Posted by & filed under Security Alerts.

Microsoft says that Basic Authentication’s removal from Exchange Online is being postponed until the second half of 2021 due to the current situation created by the COVID-19 pandemic. “In response to the COVID-19 crisis and knowing that priorities have changed for many of our customers we have decided to postpone disabling Basic Authentication in Exchange Online… Read more »

Oracle Critical Patch Update Advisory – January 2020

Posted by & filed under Security Alerts.

Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to: Critical… Read more »

Microsoft Patch Tuesday for January 2020

Posted by & filed under Security Alerts.

This month, Microsoft wasn’t able to prevent information about these updates from leaking as it usually can. Information about one particular flaw, %CVE:2020-0601%, the “Windows CryptoAPI Spoofing Vulnerability,” was leaked as early as Friday. CVE-2020-0601 has a significant impact on endpoint security. An attacker exploiting this vulnerability will be able to make malicious code look… Read more »

Critical Vulnerabilities in Microsoft Windows Operating Systems

Posted by & filed under Security Alerts.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI… Read more »