Saturday, 22 September 2018

Patch Tuesday brings some surprises, some early crashes, and a surreal solution

With all of the problems in the January, February and March patches for Windows and Office, you’d think we would catch a break in April. In one sense we did — some of the worst bugs in the earlier patches now seem to be behind us. But we’re definitely not out of the woods just yet.

Patch Tuesday by the numbers

On Tuesday, Microsoft released 177 separate patches covering 66 security holes (CVEs), 24 of which are rated “critical.” The SANS Internet Storm Center says that only one of the patches, CVE-2018-1034, covers a security hole that’s been documented, and it isn’t being exploited.

Further details, compliments of Martin Brinkmann on ghacks:

  • Win7: 21 vulnerabilities, 6 rated critical
  • Win8.1: 23 vulnerabilities, 6 rated critical
  • Win10 version 1607: 25 vulnerabilities, 6 critical. (Note that this is the last planned security update for Win10 1607.)
  • Win10 version 1703: 28 vulnerabilities, 6 critical
  • Win10 version 1709: 28 vulnerabilities, 6 critical
  • Server 2008 R2: 21 vulnerabilities, 6 critical
  • Server 2012 and 2012 R2: 23 vulnerabilities, 6 critical
  • Server 2016: 27 vulnerabilities, 6 critical
  • IE 11: 13 vulnerabilities, 8 critical
  • Edge: 10 vulnerabilities, 8 critical

As Dustin Childs notes on the Zero Day Initiative site, five of the critical bugs are variations on an old, tired theme: a “bad” font can take over your machine, if you’re running in admin mode. And it doesn’t matter where the font appears — on a web page, in a document, in an email. Don’t you just love it when fonts get rendered inside the Windows kernel?
