Here's a summary of the four "critical" patches this month; the top one is super critical or, if you will, Heartbleed critical:
Microsoft is offering a bumper crop of security patches next week as part of its traditional Patch Tuesday fix fiesta.
A total of 16 patches are on the way this month, five of which are labelled 'Critical'. All five affect Windows and one also involves Internet Explorer.
Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft's Windows Update mechanism.
The conflict between snooping governments seeking to defeat encryption and users demanding ever more robust privacy tools has turned into an arms race—and it’s time for arms control talks, Microsoft’s general counsel said on Tuesday.
Resolving that conflict requires a new consensus on how to balance public safety and personal privacy, Brad Smith said in a forum at Harvard Law School. “Ultimately there are only two ways to better protect peoples privacy: stronger technology or better laws,” he said.
Microsoft has released a Fix It to disable the feature which was the subject of the POODLE attack. The Fix It, a program which implements changes in the registry, makes the process simpler than the alternatives.
POODLE is the name given to a vulnerability in SSL version 3.0 found earlier this month by a Google researcher. SSL was supplanted by TLS and the current version is 1.2, but systems may fall back to older versions if the server does not support the newer ones.