|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Krebs: This month’s code signing zeroday, CVE-2020-1464, has been around for two years
This month we had two zero-days fixed in the Patch Tuesday crop. Several folks in the press screamed that the sky is falling and you have to get patched right now.
Seems that the truth is a bit more prosaic. As truth frequently is.
First we discovered that one of the zero-days, CVE-2020-1380, relies on Internet Explorer and it’s been used on an undisclosed South Korean company, in conjunction with other security holes. By itself, this zero-day doesn’t mean much.
Now comes word from Brian Krebs that the other zero-day, CVE-2020-1464, was reported to Microsoft two years ago. It’s not exactly front-burner stuff:
Asked to comment on why it waited two years to patch a flaw that was actively being exploited to compromise the security of Windows computers, Microsoft dodged the question, saying Windows users who have applied the latest security updates are protected from this attack.
Moral of the story: It’s very, very rare that you need to patch immediately. Wait and see what problems crop up before you install the latest fare from Microsoft.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Windows hosting exposes additional bugs
by 4 hours, 22 minutes ago
-
No more rounded corners??
by 10 minutes ago
-
Android 15 and IPV6
by 5 hours, 27 minutes ago
-
KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys
by 16 hours, 42 minutes ago
-
T-Mobile’s T-Life App has a “Screen Recording Tool” Turned on
by 19 hours, 24 minutes ago
-
Windows 11 Insider Preview Build 26100.4202 (24H2) released to Release Preview
by 13 hours, 59 minutes ago
-
Windows Update orchestration platform to update all software
by 1 day, 2 hours ago
-
May preview updates
by 14 hours, 7 minutes ago
-
Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band
by 5 hours, 42 minutes ago
-
Just got this pop-up page while browsing
by 18 hours, 55 minutes ago
-
KB5058379 / KB 5061768 Failures
by 15 hours, 59 minutes ago
-
Windows 10 23H2 Good to Update to ?
by 33 minutes ago
-
At last – installation of 24H2
by 1 day, 18 hours ago
-
MS-DEFCON 4: As good as it gets
by 5 hours, 18 minutes ago
-
RyTuneX optimize Windows 10/11 tool
by 2 days, 6 hours ago
-
Can I just update from Win11 22H2 to 23H2?
by 4 hours, 53 minutes ago
-
Limited account permission error related to Windows Update
by 2 days, 19 hours ago
-
Another test post
by 2 days, 20 hours ago
-
Connect to someone else computer
by 2 days, 14 hours ago
-
Limit on User names?
by 2 days, 17 hours ago
-
Choose the right apps for traveling
by 2 days, 7 hours ago
-
BitLocker rears its head
by 1 day, 15 hours ago
-
Who are you? (2025 edition)
by 1 day, 14 hours ago
-
AskWoody at the computer museum, round two
by 2 days, 9 hours ago
-
A smarter, simpler Firefox address bar
by 3 days, 6 hours ago
-
Woody
by 3 days, 15 hours ago
-
24H2 has suppressed my favoured spider
by 1 day, 15 hours ago
-
GeForce RTX 5060 in certain motherboards could experience blank screens
by 4 days, 5 hours ago
-
MS Office 365 Home on MAC
by 3 days, 23 hours ago
-
Google’s Veo3 video generator. Before you ask: yes, everything is AI here
by 4 days, 20 hours ago
Remembering Woody
