Free Republic

DogWalk, a security flaw in Windows first discovered in January 2020, has finally been addressed, the company has confirmed.The remote code execution flaw, existing due to a path traversal weakness in the Windows Support Diagnostic Tool (MSDT), is being patched as part of the August 2022 Patch Tuesday, Microsoft has said.

Vaccines could be coming for issues we traditionally could not vaccinate against.’ HOW CAN A VACCINE TREAT CANCERS OR CHRONIC INFECTIOUS DISEASES? T cell responses are very important for identifying cells infected with chronic diseases and aberrant cancer cells. They also play a big role in eliminating these cells from the body. When a cell becomes cancerous, it starts producing neoantigens. In normal cases, the immune system detects these neoantigens, recognizes that something’s wrong with the cell and eliminates it. The reason some people get tumors is that their immune system isn’t quite capable of eliminating the tumor cells, so...

People who've received both doses of the Pfizer-BioNTech or Moderna coronavirus vaccines will probably need a booster shot this year, top executives for those two pharmaceutical companies said this week. Pfizer CEO Albert Bourla said people who've gotten both doses would likely need a third shot within 12 months and might need an annual shot thereafter.

A University of Cincinnati student died one day after receiving the Johnson & Johnson COVID-19 vaccine, according to health officials. John Foley, 21, passed away unexpectedly on Sunday — a day after he was administered the one-dose jab, Hamilton County Coroner Lakshmi Kode Sammarco told Fox 19. The cause of Foley’s death is under investigation by the Ohio Department of Health and the coroner’s office.Foley was found Sunday by his roommates. There is no evidence that his death is related to the Johnson & Johnson shot — which was paused in the US this week over ties to blood clots.

A Mississippi man who experienced a blood clot after receiving the Johnson & Johnson COVID-19 vaccine, has been left paralyzed on one side and unable to talk, his family said. Brad Malagarie, 43, of St. Martin, suffered a stroke soon after stepping out last week to get the one-dose shot, news station WLOX reported. “They called me and said he had that vaccine and something is wrong, we think it’s a stroke,” his aunt, Celeste Foster O’Keefe, told the outlet. The father of seven was rushed to the hospital, where it was determined that he had a stroke as a...

Approximately 5,800 fully vaccinated Americans — out of 66 million who received the shots — still became infected with COVID-19, according to Centers for Disease Control and Prevention data reported Thursday. The infections, dubbed breakthrough cases — or positive test results that occur at least two weeks after a person gets their final coronavirus vaccine dose — represents about 0.008 percent of Americans who are fully vaccinated... The federal agency found 29 percent of breakthrough infections were asymptomatic, while 7 percent led to hospitalization. So far, 74 people have died from breakthrough infections — but it’s not clear which vaccine...

The Ohio Department of Health is monitoring the investigation into what may have caused a 21-year-old University of Cincinnati student to die suddenly last Sunday, around a day after he received the Johnson & Johnson vaccine. Alicia Shoults, a spokeswoman for the state health department, said the agency is waiting for the completion of a Hamilton County coroner’s report, and “if necessary,” further guidance from the CDC. If an adverse effect from a vaccine is reported to the CDC, it then leads to a federal investigation into whether the negative effects were coincidental or somehow related to the vaccine, Shoults...

Two new studies published in Blood suggest that the mRNA COVID-19 vaccine may have reduced efficacy in individuals with chronic lymphocytic leukemia (CLL) and multiple myeloma, two types of blood cancer. According to researchers, these studies could help inform the ideal time for vaccination of these populations. Study suggests two-dose COVID-19 vaccine is less effective for people with CLL as compared to healthy controls. The first study reports that people with CLL had markedly lower immune response rates to the two-dose mRNA COVID-19 vaccine than healthy individuals of the same age. Because clinical trials of these vaccines did not include...

Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates.Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective update (KB4601392) applied to Windows 10 users (version 1607 for 32-bit and x64-based systems) and Windows Server 2016 users.To address this issue, Microsoft has removed the faulty update and released a new one (KB5001078).“There is a known issue...

Don't expect any Windows 10 preview updates in December due to holidays, says Microsoft. Microsoft has told Windows 10 owners and IT admins not to expect any Windows 10 preview updates in December to give them a break when staffing levels are low over the holiday season. December will be a break from the usual schedule of Windows 10 updates each month, which include optional previews that arrive after the mandatory Patch Tuesday security updates in the second week of every month. "Because of minimal operations during the holidays and the upcoming Western new year, there won't be any preview...

Android, Adobe, SAP, Red Hat join the bug-busting party Patch Tuesday Microsoft published fixes for 112 software vulnerabilities for its November Patch Tuesday, 17 of which have been rated critical.Of the remainder, 93 are rated important, and two are rated low severity.Fifteen Microsoft products are affected, including: Microsoft Windows, Office, Internet Explorer, Edge (EdgeHTML and Chromium), ChakraCore, Exchange Server, Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Teams, Azure SDK, Azure DevOps, and Visual Studio.One of the fixed flaws is being actively exploited, the Windows Kernel Cryptography Driver vulnerability (CVE-2020-17087) disclosed by Google's Project Zero at the end of last...

Redmond urges folks to apply update ASAP – plus more fixes for Outlook and software from Adobe, Intel, SAP, Red Hat Patch Tuesday Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.Nadella's security crew has identified 22 remote code execution (RCE) CVEs though the most worrisome looks like CVE-2020-16898, Windows TCP/IP RCE, which is rated 9.8 out 10 in severity. It affects Windows desktop and server systems.According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets. Thus someone could send a vulnerable...

As 1809 is nudged toward the darkness, the Baron of Bork has plans for 1903 and 1909 There are three certainties in life: death, taxes and duff patches from Microsoft. So, yes, some Windows 10 users have found their PC unhappy following Tuesday's patch shenanigans.A helpful forum posting from one of Microsoft's loyal MVPs concerning the arrival of KB4532693 for Windows 10 1903 and 1909, and KB4532691 for 1809, has seen some customers reporting that the updates had left their systems a little distressed.Users have found things reset to a seemingly default state and a temporary user account used for...

[dayglored's note: This is direct from the horse's mouth, Microsoft Technet. It's a bad one, like the WannaCry malware from a couple years ago.] Today [May 14] Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a...

Also: Edge is foiled by hyperlinks, Windows Server fails at authentication requests, and Microsoft is a $486bn company Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader. Microsoft's January patch load includes: MS17-001, a fix for the Edge browser to address a flaw that would let a malicious page gain elevated access privileges when the user clicks on a link. "An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies...

Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload. The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems. In total, ten bulletins have been bundled into the Patch Tuesday payload: MS16-118 is a cumulative update for Internet Explorer to address 11 security vulnerabilities, including six remote code execution...

Microsoft security bulletins are released on the second Tuesday of each month.

The Microsoft Security Bulletin Critical fixes for Office, Internet Explorer, and Windows DNS Server highlight this month's edition of Patch Update Tuesday. The Redmond Windows slinger has kicked out 16 bulletins this month, five rated as "critical" and the remaining 11 considered "important" risks. [Detailed listing clipped, see comment] Not to be outdone, Adobe is also dumping a load of patches for the second Tuesday of the month. The Adobe patches include an actively targeted vulnerability in Flash and multiple updates for ColdFusion, Brackets, Creative Cloud desktop application and DNG SDK.

https://technet.microsoft.com/en-us/security/bulletin/ Download an Excel file containing detailed information, such as affected components, bulletin replacements, reboot requirements, and related Common Vulnerabilities and Exposures (CVEs). Additionally, bulletin information in the Common Vulnerability Reporting Framework (CVRF) format is available. Date Bulletin Number KB Number Title Bulletin Rating 5/10/2016 MS16-067 3155784 Security Update for Volume Manager Driver Important 5/10/2016 MS16-066 3155451 Security Update for Virtual Secure Mode Important 5/10/2016 MS16-065 3156757 Security Update for .NET Framework Important 5/10/2016 MS16-064 3157993 Security Update for Adobe Flash Player Critical 5/10/2016 MS16-062 3158222 Security Update for Windows Kernel-Mode Drivers Important 5/10/2016 MS16-061 3155520 Security Update for Microsoft...

Microsoft blats bugs in super-secure web browser Edge, its OS, the Office suite, and more Microsoft has patched 41 CVE-listed security vulnerabilities in its software this month. The second Patch Tuesday monthly update of the year brings with it fixes for security flaws in both Internet Explorer and Edge that could allow remote-code-execution attacks simply by visiting a webpage. Also fixed are remote-code-execution holes in the Windows PDF Viewer and Microsoft Office. [Full list on the Register article page] After installing the Microsoft updates, users and administrators would be wise to install monthly fixes issued Tuesday by Adobe for Flash...