News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • February missing security patch toll: Two zero-days and counting

    Posted on February 28th, 2017 at 11:28 woody Comment on the AskWoody Lounge

    Good report from Dan Goodin at Ars Technica.

    Google’s Project Zero sticks to its 90-day notification policy, and a second 0day has been revealed, this time apparently involving CSS tokens.

    The details are important. For example, there’s no exploit code available for this second 0day. But the first 0day, involving a gdi32.dll heap boundary, is still at large.

    So is the SMBv3 bug that causes crashes, and may lead to deeper exploits.

    Security patches are scheduled to resume on March 14.