Press "Enter" to skip to content

2 Microsoft, 1 Google Security items: 2 are bugs, one a product

In Blocking and Tackling news today, Microsoft has issued an out of band Windows security update for Windows 8.1 and Server 2012 R2, urging customers to apply these updates promptly.   They impact the Windows Remote Access service, and resolve two elevation of privilege vulnerabilities.

The company has also indicated that Microsoft Defender Advanced Threat Protection now can contain malicious behavior on enterprise devices using the new endpoint detection and response in block mode capability.     In public preview, the feature works on all windows 10 versions and Windows Server 2016 or later and is included with Microsoft 365 E5 and E3 (with the Identity and Threat Protection offering) subscriptions.

Meanwhile, Google patched a major security bug impacting Gmail and GSuite.    The bug allowed spoofed emails to pass as compliant with SPF and DMARC.     Reported 137 days before, Google delayed patches past the disclosure deadline, and changed their mind when the researcher published details of the bug on her blog, and had the fix deployed in seven hours. 

Why do we care?

The article notes that the “bug patching snafu is a common occurrence in the tech industry, where many companies and their security teams don’t always fully understand the severity and repercussions of not patching a vulnerability until details about that bug become public, and they stand to be exploited.”

That was my takeaway – it may well be required to apply public pressure if companies aren’t taking this seriously enough.  

Source: Bleeping Computer

Source: Bleeping Computer

Source: ZDNet