#patching

now browsing by tag

 
 

What Is the ‘Fujiwhara Effect’ of Vulnerability Patching?

Source: National Cyber Security – Produced By Gregory Evans

Microsoft, Oracle and other software vendors release regular vulnerability patches to help organizations guard against cyberattacks. However, several software vendors will launch vulnerability patches on the same date at least three times in 2020, resulting in a phenomenon known as the “Fujiwhara effect.”

The Fujiwhara effect typically occurs when two hurricanes collide with one another, resulting in a massive storm. In terms of vulnerability patching, the Fujiwhara effect happens when two or more software vendors release vulnerability patches on the same day, according to Risk Based Security.

Organizations can experience the Fujiwhara effect of vulnerability patching this year on January 14, April 14 and July 14. On these dates, the following software vendors are scheduled to release vulnerability patches:

  • Microsoft.
  • Oracle.
  • Adobe.
  • SAP.
  • Siemens.
  • Schneider Electric.

MSSPs can help organizations prepare for the Fujiwhara effect, too. They can provide insights into vulnerability patching and help organizations keep their software up to date, and in doing so, ensure organizations are protected against current and emerging cyber threats.

Source

The post What Is the ‘Fujiwhara Effect’ of Vulnerability Patching? appeared first on National Cyber Security.

View full post on National Cyber Security

Intel asks #customers to #halt #patching for #chip #bug, citing #flaw

Source: National Cyber Security – Produced By Gregory Evans

Intel Corp (INTC.O) said on Monday that patches it released to address two high-profile security vulnerabilities in its chips are faulty, advising customers, computer makers and cloud providers to stop installing them.

Intel Executive Vice President Navin Shenoy disclosed the problem in a statement on the chipmaker’s website, saying that patches released after months of development caused computers to reboot more often than normal and other “unpredictable” behavior. 

“I apologize for any disruption this change in guidance may cause,” Shenoy said. “I assure you we are working around the clock to ensure we are addressing these issues.”

The issue of the faulty patches is separate from complaints by customers for weeks that the patches slow computer performance. Intel has said a typical home and business PC user should not see significant slowdowns.

Intel’s failure to provide a usable patch could cause businesses to postpone purchasing new computers, said IDC analyst Mario Morales.

Intel is ”still trying to get a handle on what’s really happening. They haven’t resolved the matter,” he said.

Intel asked technology providers to start testing a new version of the patches, which it began distributing on Saturday.

The warning came nearly three weeks after Intel confirmed on Jan. 3 that its chips were impacted by vulnerabilities known as Spectre and Meltdown, which make data on affected computers vulnerable to espionage.

Meltdown was specific to chips from Intel, as well as one from SoftBank Group Corp’s (9984.T) ARM Holdings. Spectre affected nearly every modern computing device, including ones with chips from Intel, ARM and Advanced Micro Devices Inc (AMD.O).

Problems with the patches have been growing since Intel on Jan. 11 said they were causing higher reboot rates in its older chips and then last week that the problem was affecting newer processors.

The post Intel asks #customers to #halt #patching for #chip #bug, citing #flaw appeared first on National Cyber Security .

View full post on National Cyber Security