|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Another Windows 0day appears – gdi32.dll heap boundary error
As 0day bugs go, this isn’t an earth-shattering development. But it’s still enough to cause concern.
Mateusz Jurczyk at Google Project Zero discovered a memory disclosure vulnerability and notified Microsoft on Nov. 17. Project Zero has an automatic 90-day disclosure deadline: If the vendor (in this case Microsoft) doesn’t fix the hole that’s discovered, it will be automatically disclosed 90 days later.
Sure enough, 90 days passed and, on Feb. 14, the timer rang and the full disclosure popped out, including exploit code.
This isn’t a huge bug. The bad guy has to get access to your computer before it can be exploited. Once logged on to your machine, the interloper can open a bad EMF file and use it to sneak a peek at system memory that isn’t theirs.
It seems that security bulletin MS16-074 didn’t fix the problem entirely.
Yuhong Bao (whom I’ve mentioned before, many times) sent a provocative message to the Project Zero folks. He said:
I wonder if this was supposed to be part of the cancelled February Patch Tuesday.
Something to ponder over the upcoming three-day US holiday.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Over-the-Top solves it!
by 2 hours, 18 minutes ago
-
To Susan – Woody Leonhard, the โLionheartedโ
by 5 hours, 14 minutes ago
-
Extracting Data From All Sheets
by 6 hours, 49 minutes ago
-
Use wushowhide in Windows 11 24H2?
by 6 hours, 57 minutes ago
-
Hacktool:Win32/Winring0
by 6 hours, 44 minutes ago
-
Microsoft Defender as Primary Security Question
by 7 hours, 25 minutes ago
-
USB printers might print random text with the January 2025 preview update
by 9 hours, 27 minutes ago
-
Googleโs 10-year-old Chromecast is busted, but a fix is coming
by 19 hours, 4 minutes ago
-
Expand the taskbar?
by 18 hours, 54 minutes ago
-
Gregory Forrest โWoodyโ Leonhard (1951-2025)
by 1 hour, 18 minutes ago
-
March 2025 updates are out
by 6 hours, 59 minutes ago
-
Windows 11 Insider Preview build 26120.3380 released to DEV and BETA
by 1 day, 12 hours ago
-
Update Firefox to prevent add-ons issues from root certificate expiration
by 1 day, 19 hours ago
-
Latest Firefox requires Password on start up
by 1 day, 14 hours ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 2 days, 8 hours ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 1 day, 7 hours ago
-
How Much Daylight have YOU Saved?
by 1 day, 10 hours ago
-
A brief history of Windows Settings
by 1 day, 4 hours ago
-
Thunderbolt is not just for monitors
by 1 day, 2 hours ago
-
Password Generators โ Your first line of defense
by 1 day, 8 hours ago
-
AskWoody at the computer museum
by 7 hours, 54 minutes ago
-
Planning for the unexpected
by 1 day, 9 hours ago
-
Which printer type is the better one to buy?
by 2 days, 10 hours ago
-
Upgrading the web server
by 2 days, 8 hours ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 3 days, 3 hours ago
-
Creating a Google account
by 3 days, 2 hours ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 3 days, 9 hours ago
-
Microsoft Considering AI Models to Replace OpenAIโs in Copilot
by 3 days, 20 hours ago
-
AI *emergent misalignment*
by 3 days, 21 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 2 days, 5 hours ago
