As Gregg Keizer explained in January, the Meltdown and Spectre patches caused mayhem with some antivirus products. This month’s Win10 patches no longer look for the Qualit圜ompat registry key. Win10 patches no longer require antivirus stamps There’s also a long list of new microcode patches for Intel processors - but none of the announced KB articles (e.g., KB 40916, KB 40916) are available, as of early Wednesday morning.Īgain, for emphasis, there are no known Meltdown or Spectre exploits in the wild. There’s a list of Server 2008 and Server 2012 patches that cover Meltdown. Microsoft reissued its Security Advisory ADV180002 Guidance to mitigate speculative execution side-channel vulnerabilities to announce that it’s distributing Meltdown patches for 32-bit versions of Win7 and 8.1, which have been conspicuously absent. Curiously, Office 2007 is still getting patched, even though it hit the end of extended support almost a year ago. None of them appear to be pressing - although the Equation Editor security hole I warned you about in January is under active attack. Office had 23 security patches and 26 non-security patches this month. Johannes Ullrich at the SANS Internet Storm Center lists the specific fixed security holes by CVE number, confirming that two of the CVEs have been disclosed to the world, but none of them have been exploited - and the two disclosed CVEs are listed as “Severity: Important” which means that they really aren’t all that important. Looks like patching is set to become Microsoft’s next billion-dollar business. If you break those down into individual patches for specific platforms, the total damage comes to 1,352 rubber-meets-the-road patches. Microsoft Edge : 16 vulnerabilities, 12 critical, 4 important.Internet Explorer 11 : 7 vulnerabilities, 2 critical, 5 important.Windows Server 2016 : 29 vulnerabilities, of which 29 are rated important.Windows Server 20 R2 : 21 vulnerabilities, of which 21 are rated important.Windows Server 2008 R 2: 22 vulnerabilities, of which 22 are rated important.Windows Server 2008 : 21 vulnerabilities, of which 21 are rated important.Windows 10 version 1709 : 24 vulnerabilities, of which 24 are rated important.Windows 10 version 1703 : 28 vulnerabilities, of which 28 are rated important.Windows 10 version 1607 : 29 vulnerabilities, of which 29 are rated important.Windows 8.1 : 20 vulnerabilities, of which 20 are rated important.Windows 7 : 21 vulnerabilities, of which 21 are rated important.By the numbersĪs usual, Martin Binkmann on, has the best summary: Still waiting for confirmation on that one. (Worth repeating: There are still no known exploits for Meltdown or Spectre.) The bad news? Reports of another forced upgrade to Win10 Fall Creators Update. The good news is that there are no known exploits for any of the “Critical” rated security holes. On a scale from 1 to 10, Microsoft in March has ratcheted the patching pace up to 11.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |