Articles by KENNETH

About KENNETH
지락문화예술공작단
No Image

Inside the MSRC– The Monthly Security Update Releases

2018-02-15 KENNETH 0

Inside the MSRC– The Monthly Security Update Releases For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history.  In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence.  October 2003 ushered in what became known as Update Tuesday.  How and when Microsoft releases new products and services in market products has changed over the years, but the monthly delivery of security content has remained steady. So how do we decide what goes into a monthly security release?  That decision largely rides on required customer action and risk.  Required customer action is realized through products where customers need to take action to protect themselves against a vulnerability.  For consumers, protection [ more… ]

Announcing Windows 10 Insider Preview Build 17101 for Fast & Build 17604 for Skip Ahead

2018-02-15 KENNETH 0

Announcing Windows 10 Insider Preview Build 17101 for Fast & Build 17604 for Skip Ahead Hello Windows Insiders! Today, we are releasing Windows 10 Insider Preview Build 17101 (RS4) to Windows Insiders in the Fast ring. We are also releasing Windows 10 Insider Preview Build 17604 (RS5) to Windows Insiders who have opted into Skip Ahead. Flighting to Skip Ahead Right now our focus is on stabilization for RS4. As part of the stabilization process, we have “forked” RS4 into its own branch called “RS4_RELEASE” just like we did with RS2 and RS3. Going forward – RS4 builds will come from the RS4_RELEASE branch. This also means that we intend to release new RS4 builds to Insiders more quickly to both the Fast and Slow rings as these builds we include mostly bug fixes. In RS3, we experimented with the [ more… ]

No Image

USN-3572-1: FreeType vulnerability

2018-02-15 KENNETH 0

USN-3572-1: FreeType vulnerability Ubuntu Security Notice USN-3572-1 14th February, 2018 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary FreeType could be made to crash if it opened a specially crafted file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that FreeType incorrectly handled certain files.An attacker could possibly use this to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libfreetype6 2.8-0.2ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to makeall the necessary changes. References CVE-2018-6942 Source: USN-3572-1: FreeType vulnerability

Mixed Reality at Microsoft – February update

2018-02-15 KENNETH 0

Mixed Reality at Microsoft – February update It’s hard to believe that 2018 is almost two months old! Speaking on behalf of everyone on the mixed reality team at Microsoft, we are excited about the year to come. We have a lot of fun things planned. Because I love mixed reality so much, I thought February 14th (Valentine’s Day for those who celebrate) would be the perfect day to kick off a new regular update from us. Each month we will share some news on what we are doing, and we will highlight some of the great work coming to market from our customers and partners. Let’s get going with what we have to share today! Making it easier to get your hands on HoloLens We have heard loud and clear that people are looking for additional ways to get [ more… ]

No Image

USN-3570-1: AdvanceCOMP vulnerability

2018-02-15 KENNETH 0

USN-3570-1: AdvanceCOMP vulnerability Ubuntu Security Notice USN-3570-1 14th February, 2018 advancecomp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary AdvanceCOMP could be made to crash or run programs if it opened a specially crafted file. Software description advancecomp – collection of recompression utilities Details Joonun Jang discovered that AdvanceCOMP incorrectly handled certainmalformed zip files. If a user or automated system were tricked intoprocessing a specially crafted zip file, a remote attacker could causeAdvanceCOMP to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: advancecomp 2.0-1ubuntu0.1 Ubuntu 16.04 LTS: advancecomp 1.20-1ubuntu0.1 Ubuntu 14.04 LTS: advancecomp 1.18-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]