• A most unusual Patch Tuesday

    Microsoft has released its usual Patch Tuesday flood, and it’s enormous: 358 patches addressing 96 individually identified security holes. Gregg Keizer at Computerworld just posted a thorough overview.

    Martin Brinkmann at ghacks.net has the full list. Here’s the summary:

    • Windows 7: 48 vulnerabilities, of which 6 are rated critical and 42 important
    • Windows 8.1: 52 vulnerabilities, of which 8 are rated critical and the remaining 44 important
    • Windows RT 8.1: 48 vulnerabilities, of which 8 are rated critical and 40 important
    • Windows 10 version 1703: 45 vulnerabilities, of which 7 are rated critical and 38 important

    At the same time, Microsoft has released individual patches for Windows XP and Vista – both of which are beyond their end-of-support dates.

    There’s a reason why Microsoft released XP/Server 2003 updates: they didn’t bother to patch either of them last month, when they shipped the WinXP patch for WannaCry.

    Full details in my Woody on Windows blog, which has just moved from InfoWorld to Computerworld.

    UPDATE: Microsoft even released a patch for Win10 1507 — the original, “RTM” release, which is supposed to be out of support. See KB 4022727.

    Brad Sams, writing on Petri.com, calls the XP patch “a dangerous precedent.” I say hogwash. It’s an overdue CYA patch. Can you imagine what would happen with a working XP SMB worm?

    Peter Bright (Dr. Pizza), writing on Ars Technica, says “Microsoft’s decision to patch Windows XP is a mistake.” I say he’s wrong. Microsoft didn’t have any choice – and won’t have any choice, in the future, but to patch NSA-derived security holes in all versions of Windows from XP onward.

    Dan Goodin, also on Ars Technica, now has technical details. He hits the nail on the head when he says, in conclusion:

    Company officials are showing that, as much as they don’t want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.

    And, I would add, a potential replay of the WannaCry outbreak long after learning the details from the NSA.

    This doesn’t smell right.