News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • March 2019 Patch Tuesday patches

    Posted on March 12th, 2019 at 12:10 woody Comment on the AskWoody Lounge

    They’re starting to roll in.

    Martin Brinkmann has a full roundup on ghacks.net:

    • Windows 7: 21 vulnerabilities of which 3 are rated critical and 18 are rated important.
    • Windows 8.1: 20 vulnerabilities of which 3 are rated critical and 17 are rated important.
    • Windows 10 version 1703:  24 vulnerabilities of which 2 are critical and 22 are important
    • Windows 10 version 1709: 28 vulnerabilities of which 2 are critical and 26 are important
    • Windows 10 version 1803: 33 vulnerabilities of which 6 are critical and 27 are important
    • Windows 10 version 1809: 33 vulnerabilities of which 6 are critical and 27 are important

    The Microsoft Update Catalog lists 124 individual patches.

    Dustin Childs has his usual thorough review on the ZDI blog:

    security patches for 64 CVEs [ = separately identified security holes ] along with four advisories… Four of these bugs are listed as public and two are listed as being under active attack at the time of release.

    The two that are under active attack (which is to say, the two 0days) are both rated “Important” which, as many of you know, means they aren’t really all that important. They’re “elevation of privilege” attacks — a miscreant has to be in your system already before they can leverage one of these two attacks to move themselves up to admin level.

    The list of Win10 patches is up on Reddit.

    Win10 1809 – It looks like the “crazy” performance drop in games, including Destiny 2, has been fixed.

    There’s a Servicing Stack Update for Windows 7 that’s related to the SHA-2 “critical update” we’ve been expecting since November. No idea if this is the whole fix, or if it’s just a part of enabling SHA-2 encryption for Win7 patches. As noted in the earlier article, you need to get this Servicing Stack Update in order to install any Win7 patches after July. Thx @EP, @Crysta.

    6 new Office security patches, to add to the 28 non-security patches from earlier this month. Two new versions of Office Click-toRun: 15.0.5119.1000 for Office 2013; 14.0.7230.5000 for Office 2010.

    I don’t see anything screaming to be patched at this moment. More as the day wears on.

    If that helped, take a second to support AskWoody on Patreon