Daily Archives: February 25, 2020
-
The late Feb “optional, non-security, C/D Week” patch is out but only for Win10 version 1809 and 1709. Win8.1 preview is also out.
Posted on February 25th, 2020 at 12:34
I take this as a good sign – that Microsoft’s spending more time on testing the Win10 1903 and 1909 patches, but then again the Win10 1903 and 1909 “optional, non-security, C/D Week” patches have lagged behind 1809 for almost a year. Fat lot of good that’s done us.
Just out:
- Win10 version 1809 “February 25, 2020—KB 4537818 (OS Build 17763.1075)” with dozens of minor patches
- Win10 version 1709 “February 25, 2020—KB 4537816 (OS Build 16299.1717)” with a handful of patches
- Win8.1 “February 25, 2020—KB 4537819 (Preview of Monthly Rollup)” with two tiny patches
Of course, most people shouldn’t install them.
-
Admins, heads up! Another Patch Tuesday security hole has a public exploit
Posted on February 25th, 2020 at 12:07
A week ago today, I warned those of you running SQL Server systems to install the latest Patch Tuesday patches. In particular, CVE-2020-0618 was cracked and Proof of Concept code was readily available.
Now there’s a description on the Zero Day Initiative blog that another Patch Tuesday patch, CVE-2020-0688, is ripe for the picking on systems running Exchange Server.
If you aren’t in charge of a SQL Server or Exchange Server system, you can return to your normally scheduled programming. But if you’re in the hot seat for either or both, it’s time to take Susan Bradley’s advice and get patched. Like, now.
UPDATE: This is really bad. From Kevin Beaumont:
From playing with this last night – this vulnerability rains credentials. You land as SYSTEM. Run Mimikatz. Exchange stores user credentials in memory in plain text, so you end up with every user password, no hashing.