
Microsoft's latest software patch still leaves millions vulnerable


If you are a regular reader of Komando.com, you should know by now that the second Tuesday of each month is unofficially called Patch or Update Tuesday by tech fans and IT pros alike.

This is when Microsoft and Adobe usually release updates and fixes for their line of software products. These updates usually contain bug fixes, security patches, and malware database refreshes for supported Windows operating systems and a slew of Adobe and Microsoft software products.

As expected last week, Adobe issued its set of security patches for Flash Player and other products. However, conspicuously absent were Microsoft's Patch Tuesday updates.

According to reports, Microsoft delayed its regular Patch Tuesday due to a "last minute issue."

One of the expected patches included in this month's updates was supposed to be a fix for a zero-day flaw in Windows's SMB file-sharing protocol that could potentially crash systems via a denial-of-service attack, at the very least.

Another zero-day flaw concerns a Windows graphics bug, recently disclosed publicly, that Google's Project Zero team shared with Microsoft six months ago.

Microsoft did not specify any reason for the delay, but the company said that February's patches will not arrive until next month's Patch Tuesday, scheduled for March 14.

Off-cycle patches

In a surprise move on Tuesday night, Microsoft pushed out off-cycle security fixes for Adobe Flash Player on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

The security bulletin MS17-005 is rated critical and it addresses flaws in Adobe Flash Player that can lead to remote code execution. These updates are now available via Windows Update.

Note that this set of patches merely mirrors the fixes Adobe issued for Flash Player last week.

The fixes for the two zero-day Windows flaws are yet to be made available. Remember, zero-day vulnerabilities are previously unknown software flaws that hackers are already exploiting, so time is of the essence.

On a side note, this month's Patch Tuesday should've been the debut of Microsoft's new system of having a cumulative Monthly Rollup and two "Security Only" packages: a Security Only package (with no Internet Explorer fixes) and a Cumulative Security Update for Internet Explorer.

It looks like we will have to wait until March 14 to see this system fully in place.

For now, if you haven't updated your Windows machine's Flash Player, please update now.

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

Automatic Windows updates

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then in the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop-down box is set to "Automatic."

If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.

Source: ZDNet