Microsoft releasing 22 patches next week for Windows and Office
Computerworld - Microsoft today said it will issue four security updates next week, only one of which is pegged as critical, to patch 22 vulnerabilities in Windows and Visio 2003.
Next Tuesday’s patch lineup is smaller than June’s, when Microsoft shipped16 updates that fixed 34 flaws. The company typically delivers a lighter load in odd-numbered months. In May, for instance, Microsoft shipped just two updates — the company calls them “bulletins” — to patch only three vulnerabilities.
Of the four updates slated, one will be rated “critical,” the highest threat label in Microsoft’s four-step scoring system, while the other three will be marked “important,” the second-most-dire ranking.
Next week’s Patch Tuesday vulnerability count will be among the largest for the year, with its 22 bested only by April’s 64 and June’s 34, and tied with February’s collection.
But the bugs-per-bulletins ratio is the highest for the year, observed Andrew Storms, director of security operations at nCircle Security, hinting of next week’s releases.
“I think we’ll see one bulletin with a very high number of vulnerabilities,” said Storms. “We’ve seen that happen several times this year, most recently last month when it patched eight bugs in Excel with one update.
Storms said that the multi-bug update coming next Tuesday may fix numerous “elevation of privilege” vulnerabilities or a large number of “DDL load hijacking” flaws.
The former describes a bug attackers can use to gain complete administrative control of a system that they can already access, perhaps through an exploit of a separate vulnerability. DLL load hijacking, on the other hand, is the term used for attacks that rely on tricking applications or operating systems into loading a malicious file with the same name as a legitimate DLL, or dynamic link library.
Microsoft has issued more than a dozen DLL load hijacking updates since last November. In May, the Slovenian firm Acros Security announced thatmore DLL load hijacking updates were necessary to plug holes in Windows 7 and Internet Explorer 9 (IE9). At the time, Microsoft said only that it was investigating the Acros report.
The sole critical update scheduled for next week affects Windows Vista and Windows 7, but does not impact the much older Windows XP or any of Microsoft’s server operating systems.
Because Windows XP will be immune to the one or more vulnerabilities in that update, Storms said the bug had to be in code first used in Vista, then reused in Windows 7. He noted there are multiple candidates that fit the bill, including the security prompting component called UAC — for “user account control” — but said there wasn’t sufficient information to take an educated guess.
RansomWare-This type of virus is one that is typically distributed through a fake email claiming to have a greeting, card, invoice, check, PO, or something of the sort attached. It can also be published as a fake adobe or java update. In case you aren’t familiar with the utter destruction, you should read here http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Basically if you don’t have backup, you have likely lost all of your files. In some iterations it is even smart enough to remove previous versions saved by Windows using VSS so that you can’t simply restore them to yesterday. In 95% of cases, you better have a good backup, I prefer Crashplan, I feel like it is the best backup solution on the market and is very very inexpensive. I have it on every device I own.