
This month's Windows and Office security patches: Bugs and solutions


With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it’s time for those of us who rely on stable PCs to consider installing the May patches.

While the general outlook now is good, we’ve been through some rough patches – which you may, or may not, have noticed.

Unannounced Intel microcode patch triggers reboots

On May 20, Microsoft released another of its ongoing series of “Intel microcode updates,” all named KB 4497165. Ostensibly intended to fix the Meltdown/Spectre security holes, many of them have a history of problems and hassles not commensurate with the amount of protection they provide (unless you’re running a bank transaction system or decrypting top secret emails).

This incarnation has proven relatively benign. The main problems:

  • Microsoft pushed it out the Automatic Update chute (and thus triggered a reboot) without warning anybody.
  • The Knowledge Base article still doesn’t describe this particular version.
  • Many machines that shouldn’t receive the patch – including AMD-based machines, which clearly don’t need an Intel patch – got it.

If you leave your machine set to install Automatic Updates, you get what you paid for. And then some.

The 5 scary new zero-days

Given the sensationalistic turn Windows patching has taken, I’m surprised we haven’t seen a rash of headlines, “Run for the hills! FIVE new Windows zero-days published!” But that’s what happened late last week. Trend Micro’s Zero Defense Initiative, ZDI, published descriptions of five new Windows zero-days. Four of them are the dread Privilege Escalation Vulnerabilities. Microsoft didn’t patch them quickly enough, so ZDI acted according to its conventions – waited four months to give Microsoft time to fix the hole – and then published “a limited advisory.”
