This month's Windows and Office security patches: Bugs and solutions

It’s been another strange patching month. The usual Patch Tuesday crop appeared. Two days later, we got a second cumulative update for Win10 1903 and 1909, KB 4551762, that’s had all sorts of documented problems. Two weeks later, on Monday, Microsoft posted a warning about (another) security hole related to jimmied Adobe fonts.

Predictably, much of the security press has gone P.T. Barnum.

The big, nasty, scary SMBv3 vulnerability

Patch Tuesday rolled out with a jump-the-gun-early warning from various antivirus manufacturers about a mysterious and initially undocumented security hole in the networking protocol SMBv3.

Later that day, Microsoft released a broad description of the SMBv3 security hole in Security Advisory ADV200005 – apparently trying to close the door after the cow escaped. And the crowd went wild. How could Microsoft tell these antivirus vendors about a forthcoming fix, then fail to deliver the fix – and not warn the AV folks in time to pull their press releases? Tales of impending doom ran rampant.

Then, on Thursday, we saw another cumulative update for Win10 versions 1903 and 1909. KB 4551762 patches the SMBv3 security hole and, being a cumulative update, includes all earlier patches. The rush was on to install the patch-of-a-patch, but we started seeing all sorts of problems: errors on installation; random reboots; performance hits; and the return of our old profile-zapping bug, which leaves folks with empty desktops and hidden files.

Here’s the punch line. (Tell me if you’ve heard this one before.) After all the Sturm und Drang, researchers (notably including Kevin Beaumont) discovered that they couldn’t effectively use the security hole to take over a system:

