Newsletter Archives
-
CVE-2020-0796, the SMBv3 security hole, doesn’t pose an immediate threat
I’ve been sitting on pins and needles wondering when an in-the-wild exploit for the just-patched SMBv3 security hole might appear.
Looks like it’s much harder than many folks expected. Kevin Beaumont just posted this:
We’re going to stay at MS-DEFCON 2 for the foreseeable future, particularly because we’re seeing many more reports of the disappearing icons/temporary profile bug.
-
Heads up: Microsoft posts a fix for that SMBv3 security hole. Get ready to install this month’s Windows patches.
Microsoft just released the patch that it almost released on Tuesday. It’s the SMBv3 patch that’s set the security community on fire.
KB 4551762, which fixes CVE-2020-0796, is a regular, old-fashioned Win10 cumulative update, but it’s only made for Win10 1903, 1909, Server 1903 Core and Server 1909 Core. (I still have no idea why only Server Core versions are affected.)
Anyway, I’m going to keep my eyes open for any obvious problems and, if the coast looks reasonably clear, we may be moving to MS-DEFCON 3 or 4 pretty quickly.
For now, hold off. There are no known exploits. But be ready to twitch that clicking finger.
Will keep you posted.
UPDATE: 24 hours later, I still haven’t seen an in-the-wild exploit. But there are many reports of a repeat of the “missing icon”/temporary profile bug associated with KB 4551762.
Kevin Beaumont tweeted:
For anybody pondering, I’ve tried various exploits for CVE-2020-0796 – with a default config and vulnerable Windows 10 install, Windows Defender detects the exploit attempt. If you have automatic updates enabled you will also have the patch already.
It’s a significant security hole, but it doesn’t appear to be an imminent threat.
Mayank Parmar has a recounting of the bugs in Windows Latest.
Still watching.
-
Patch Tuesday update: Disappearing SMBv3 patch, non-security Office patches, and a so-far-mild Patch Tuesday
Things look pretty stable at this point, although I’m seeing a disturbing number of reports of Error 0x800f0900 on installs.
If any of the old problems poked through into this round of updates, I haven’t seen any loud scream of pain about them. But the day is yet young.
Admins, you have a tough day ahead, if you’re using SMBv3.
Details in Computerworld Woody on Windows.
-
Which patches were pulled?
Last night, the Microsoft Update Catalog listed 113 patches for “2020-03.”
This morning, the count’s down to 110.
Anybody know what happened to the three disappearing patches?
-
Initial impressions of Patch Tuesday, March 2020
We have 113 new patches in the Microsoft Update Catalog.
There’s a new Servicing Stack Update for Win10 versions 1903 and 1909, KB 4541338. There’s also a new one for Win10 1809 and 1803, and for Win8.1.
Dustin Childs’s report is up on the ZDI site:
- 115 separately identified security holes (CVEs)
- None of them are “Publicly known” or “Exploited.”
CVE-2020-0852 is his top pick for a notable security hole. It’s a bug in Word that can be triggered if you preview a Word document in Outlook. The offered patches are for Office 2019 Click-to-Run, Mac Office 2016, Office Online Server, and SharePoint Server 2019. Microsoft categorizes it as “Exploitation less likely.”
Martin Brinkmann has his usual detailed, thorough analysis of the patches on ghacks.net.
Microsoft hasn’t acknowledged the bugs in the “optional, non-security, C/D Week” patch for Win10 1903 and 1909, released late last month. No idea if this latest drop fixes any of the multitude of problems with KB 4535996. There’s also no mention I can find of the disappearing icon/temporary profile bug that’s been with us for the past month. But there is a humongous list of fixes to 1903 and 1909.
Notably, the change lists for both Win10 1903 and 1909 are the same.
No indication that Win10 version 2004 will ship today. I was halfway expecting it.
UPDATE: Two hours later and I’m not seeing any major cries of pain. Stay tuned.
-
Two new, important reasons to block Automatic Updates this month
Those of you who have been following along here know that the day before Patch Tuesday draws a knee-jerk recommendation from me to check and make sure you have updates paused on your machine.
This month’s worse than most. We don’t know if MS has even seen, much less fixed, the substantive bugs in last month’s “optional, non-security” Win10 patch. And with the folks at Microsoft working from home, by and large, we’re entering uncharted territory in the handling of any bugs that might crop up.
Even under the best of circumstances, MS has historically done a lousy job of cleaning up after its Patch Tuesday messes. These are anything but the best of circumstances.
I’m moving us to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
Details in Computerworld Woody on Windows.