Microsoft Patches USB-Related Flaw Used in Targeted Attacks

This is a more common threat than most would care to admit, but the threat is largely not the work of hard core hackers and social engineers.  It is better attributed to lazy employees and poor home computer hygiene.  That said, I am pleased to see Microsoft addressing this problem once again and for providing an event log for better tracking of attempted attacks.

Manipulating WSUS to Own Enterprises

This concerns me.  Fear associated with the patching process has the potential to be one of the greatest weaknesses in the overall security of organizations.  If a business is afraid to apply patches due to potential vulnerabilities in WSUS, then a significant battle is lost and all of the organization’s end points are at risk.  And from this demonstration at Black Hat, there is a solution in the form of SSL with proper certificate management, but Microsoft has placed that burden on the end user organization.  This issue should be addressed and it should be addressed quickly.