Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks
Posted by Virus Bulletin on Mar 12, 2015
Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy.
Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago, but which could still be exploited.
In fact, six out of the last eight Patch Tuesdays have included patches that have caused problems for some Windows users.
Probably in response to this reality, Microsoft has announced a slightly different approach to patching for its upcoming Windows 10 operating systems. The changes include a new Long Term Servicing (LTS) branch, as well as the use of 'fast' and 'slow' release cycles.
Today, we publish an article by ESET researcher Aryeh Goretsky, who takes a close look at these changes and their consequences for Windows 10 users. He also gives some recommendations on how to adapt to this new patching strategy. Windows 10 Enterprise Technical Preview Build 9926 showing 'fast' and 'slow' release channels.
You can read the paper here in HTML format or here as a PDF. Remember that all content published by Virus Bulletin can be read free of charge, with no registration required.
Have you looked at the (in?)security of Windows 10? Why not submit an abstract for VB2015? The call for papers closes tomorrow (13th March).
Posted on 12 March 2015 by Martijn Grooten
In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.
VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.
VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.
The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!
Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.