We're community supported and proud of it!
|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
Daily Archives: February 25, 2020
-
The late Feb “optional, non-security, C/D Week” patch is out but only for Win10 version 1809 and 1709. Win8.1 preview is also out.
Posted on February 25th, 2020 at 12:34 Comment on the AskWoody LoungeI take this as a good sign – that Microsoft’s spending more time on testing the Win10 1903 and 1909 patches, but then again the Win10 1903 and 1909 “optional, non-security, C/D Week” patches have lagged behind 1809 for almost a year. Fat lot of good that’s done us.
Just out:
- Win10 version 1809 “February 25, 2020—KB 4537818 (OS Build 17763.1075)” with dozens of minor patches
- Win10 version 1709 “February 25, 2020—KB 4537816 (OS Build 16299.1717)” with a handful of patches
- Win8.1 “February 25, 2020—KB 4537819 (Preview of Monthly Rollup)” with two tiny patches
Of course, most people shouldn’t install them.
-
Admins, heads up! Another Patch Tuesday security hole has a public exploit
Posted on February 25th, 2020 at 12:07 Comment on the AskWoody LoungeA week ago today, I warned those of you running SQL Server systems to install the latest Patch Tuesday patches. In particular, CVE-2020-0618 was cracked and Proof of Concept code was readily available.
Now there’s a description on the Zero Day Initiative blog that another Patch Tuesday patch, CVE-2020-0688, is ripe for the picking on systems running Exchange Server.
If you aren’t in charge of a SQL Server or Exchange Server system, you can return to your normally scheduled programming. But if you’re in the hot seat for either or both, it’s time to take Susan Bradley’s advice and get patched. Like, now.
UPDATE: This is really bad. From Kevin Beaumont:
From playing with this last night – this vulnerability rains credentials. You land as SYSTEM. Run Mimikatz. Exchange stores user credentials in memory in plain text, so you end up with every user password, no hashing.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
