Microsoft Patch Tuesday and patch management

Patch management can be a full-time job by itself. Get advice on how to install a security patch, patch deployment, tools, and policy. Also get the latest news on Microsoft Patch Tuesday and vulnerabilities and security patch management updates from other major software vendors .

Top Stories

News 12 Jan 2022
Exchange Server woes continue on January Patch Tuesday

Exchange Server admins who had to cope with a Y2K22 error to start the new year have three more vulnerabilities of varying levels of severity to resolve for Patch Tuesday. Continue Reading
By
- Tom Walat, Site Editor
News 10 Nov 2021
Exchange zero-day corrected on November Patch Tuesday

Microsoft released a security update to shut down a publicly exploited vulnerability in the beleaguered on-premises messaging platform. Continue Reading
By
- Tom Walat, Site Editor

News 26 Jan 2017
More than 200 vulnerabilities found in Trend Micro security products

Researchers uncovered more than 200 vulnerabilities across Trend Micro products, but experts said the company brand won't take a hit. Continue Reading
By
- Michael Heller, TechTarget
News 19 Jan 2017
Windows 10 security tackles exploits, while Windows 7 gets a warning

As Microsoft touted its Windows 10 security features defeating unpatched zero-day vulnerabilities, it also warned customers about security issues with Windows 7. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Tip 17 Jan 2017
Managing vulnerable software: Using data to mitigate the biggest risks

Three pieces of vulnerable software are most targeted by the exploit kits studied in a Digital Shadows report. Expert Nick Lewis explains how your enterprise can manage them. Continue Reading
By
- Nick Lewis
News 13 Jan 2017
St. Jude Medical finally patches vulnerable medical IoT devices

News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more. Continue Reading
By
- Madelyn Bacon, TechTarget
News 10 Jan 2017
January Patch Tuesday sparse before Windows security updates change

Microsoft offers up a meager January 2017 Patch Tuesday release before bigger changes planned for Windows security update announcements, which are set to take effect in February. Continue Reading
By
- Michael Heller, TechTarget
News 04 Jan 2017
SSL certificate validation flaw discovered in Kaspersky AV software

Google Project Zero discovers more antivirus vulnerabilities. This time, the issues are with how Kaspersky Lab handles SSL certificate validation and CA root certificates. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 04 Jan 2017
How does a Linux vulnerability allow attacks on TCP communications?

A Linux vulnerability that affects 80% of Android devices allows for attacks on TCP communications and remote code execution. Expert Michael Cobb explains how to mitigate these risks. Continue Reading
By
- Michael Cobb
News 06 May 2016
Commercial code riddled with open source vulnerabilities

Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 01 Mar 2016
Outdated apps: What are the best ways to address them?

Dead and outdated apps can pose serious security risks for enterprises. Expert Nick Lewis explains how to find and remove dead apps before they become a problem. Continue Reading
By
- Nick Lewis
Tip 12 Oct 2015
Getting to the bottom of the software vulnerability disclosure debate

The vulnerability disclosure debate rages on: Enterprises should know they are at risk, but vendors need time to patch flaws. Which side should prevail? Expert Michael Cobb discusses. Continue Reading
By
- Michael Cobb
Tip 06 Feb 2015
SSL/TLS security: Addressing WinShock, the Schannel vulnerability

Schannel is the latest cryptographic library to encounter SSL/TLS security issues. Expert Michael Cobb discusses the WinShock vulnerability and how to mitigate enterprise risks. Continue Reading
By
- Michael Cobb
Tip 13 Jan 2015
Lessons learned: Network security implications of Shellshock

Shellshock had a tremendous impact on network security, affecting many popular vendors and products. Expert Kevin Beaver discusses what Shellshock means to network security, and the lessons that can be learned from the vulnerability. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 18 Nov 2014
How vulnerable is Silverlight security?

Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it. Continue Reading
By
- Nick Lewis
Tip 23 Sep 2009
Determine your Microsoft Windows patch level

A handful of patch management tools from Microsoft and third -parties can help your organization determine your Windows patch level and identify missing security patches. Continue Reading
By
- Tony Bradley, Bradley Strategy Group
Tip 17 Jan 2008
Developing a patch management policy for third-party applications

Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrobat Reader to iTunes -- complicates matters, but security professionals shouldn't lose hope. Effective patch management for third-party products is possible, and contributor Ed Skoudis has the tools to do it. Continue Reading
By
- Ed Skoudis, SANS Technology Institute
Tip 15 Nov 2004
How to patch vulnerabilities and keep them sealed

Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities. Continue Reading
By
- George Wrenn, CISSP, ISSEP