• Microsoft says the two “Exploited” security holes in the September patches aren’t actually exploited

    Posted on September 12, 2019 at 13:49 CDT by Comment in the Forums

    I took a lot of flak over this on Twitter.

    In this month’s Patch Tuesday crop were five potentially dangerous security holes — two listed as “Exploited” (meaning Microsoft has seen working exploits using the holes) and three listed as “Publicly disclosed” (meaning someone has posted something about the hole).

    As I said at the time, none of these are a big deal. The publicly disclosed security holes are deemed “Less likely” to be exploited. The exploited security holes were a big mystery — I couldn’t find any substantive information about them. That’s not particularly alarming because Microsoft frequently fixes security holes that are being used in very specific targeted attacks, and won’t see light of day for months or years, if ever.

    Now I know why I couldn’t find anything other than a rehash of Microsoft’s explanation. Without any notification, Microsoft has changed the entries for both CVE-2019-1214 and CVE-2019-1215 so they’re no longer listed as “Exploited.”

    At the same time we have a verified, acknowledged Search bug in the Win10 1903 patch, and there are several additional problems that haven’t yet reached critical mass.

    There’s a reason why I recommend that you hold off on updates.

    It’s not an isolated incident. This kind of thing happens every month.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • How to use the Forums
  • All Forums

    • Recent Topics

    May 2023
    S M T W T F S
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.