Newsletter Archives

  • October 2020 Microsoft Patch Tuesday updates are rolling out

    The patches have been released.

    There are 365 new entries for October, 2020 Patch Tuesday in the Microsoft Update Catalog.

    There are 1838 vulnerabilities listed in the Microsoft Security Response Center for October.

    Dustin Childs just posted his usual in-depth analysis on the Zero Day Initiative blog:

    • Adobe released one patch for October to fix a single vulnerability in Flash.
    • Microsoft released patches to correct 87 CVEs. Of these, 11 are Critical, 75 listed as Important, and one as Moderate.

    None of the bugs are listed as being under attack at the present, but 6 are listed as publicly known at the time of release.

    KB 4580325 — 2020-10 Security Update for Adobe Flash Player on Win8.1 and Win10. The Flash Player update for Win7 should be downloaded from Adobe.

    According to Sergiu Gatlin at BleepingComputer Windows 10 now blocks some third-party drivers from installation

    Microsoft says that Windows 10 and Windows Server users will be blocked from installing incorrectly formatted third-party drivers after deploying this month’s cumulative updates.

    “When installing a third-party driver, you might receive the error, ‘Windows can’t verify the publisher of this driver software’,” Microsoft says.

    “You might also see the error, ‘No signature was present in the subject’ when attempting to view the signature properties using Windows Explorer.”

    This issue is caused by improperly formatted driver catalog files that trigger the errors during the driver validation process as Microsoft explains.

    Starting with the October 2020 updates, Windows requires DER-encoded PKCS#7 content to be valid and correctly embedded in catalog files.

    “Catalogs files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690,” Microsoft adds.

    Users who encounter these errors while attempting to install a third-party driver are advised to ask their driver vendor or device manufacturer (OEM) for an updated and correctly signed driver.

    Affected Windows platforms include client (from Windows 8.1 up to Windows 004) and server versions (from Windows Server 2012 R2 up to Windows Server, version 2004).

    Martin Brinkman has his usual thorough rundown on

    A reminder if you are on Windows 10 v1809 or v1903. It is time to think about moving to a later version. V1809 reaches EOS on 2020-11-10 and v1903 on 2020-12-08.