Microsoft Patch Tuesday Returns

Wednesday, March 15, 2017 @ 07:03 AM gHale


Microsoft patched dozens of vulnerabilities across 18 bulletins in its return to Patch Tuesday after a month-long patch hiatus.

Among the patches include one “critical”-rated flaw, which had publicly disclosed exploit code since early February.

RELATED STORIES
Microsoft Doubles Bug Rewards – For Now
Microsoft Opens Security Center in Mexico
Canadian Security Institute Launches
National Cyber Incident Plan Published

The vulnerability relates to a Windows SMB bug, of which its proof-of-concept code released prior to this month’s scheduled Patch Tuesday.

The memory corruption bug could allow a remote, unauthenticated attacker to crash an affected machine, according to an advisory posted by Carnegie Mellon University’s public vulnerability database posted in February.

Laurent Gaffié, who found the flaw last year, released the exploit code just days before Microsoft was going to patch the issue in February.

Although Microsoft fixed the bug, Gaffié did not get credit with an acknowledgement in the bulletin.

Microsoft said all versions of Windows suffer in varying degrees by the bug.

The company also fixed eight other critical flaws — which includes two cumulative updates for Internet Explorer and its Edge browser. Nine other important bulletins ended up issued.

March’s patches are available through Windows Update.

Microsoft delayed its Patch Tuesday schedule last month for the first time in its history, with the exception of one critical Flash bug.



Leave a Reply

You must be logged in to post a comment.