Newsletter Archives

  • Single-purpose patch for CVE-2018-8174, the VBScript 0day, available from 0patch

    Posted on May 15, 2018 at 09:45 CDT by Comment in the Forums

    This isn’t an endorsement.

    If you read my summary of this month’s patches, you’ll recall that there’s one potentially important patch:

    Microsoft released an explanation for the one “critical” Windows patch this month that is being actively exploited — a zero-day. Called CVE-2018-8174, the security hole involves the way Internet Explorer (mis)handles VBScript programs.

    That’s the one big security hole staring at us so far this month. I still haven’t heard of any exploits other than the ones identified by Kaspersky and Qihoo 360 (remember – they involved PDF files in Yiddish/Hebrew sent to Chinese organizations), but it’s still a potential problem.

    And then Microsoft screwed up the Windows 7 patches this month, breaking networks on some Win7 systems.

    Given the current state of affairs, you can either fix the VBScript 0day and possibly break your network card in the process, or you can avoid the update entirely until Microsoft finally fixes it. Whenever that may be.

    I was surprised to discover that 0patch, a well regarded patching platform from ACROS Security, now has a free patch available that plugs the 0day hole by simply, well, plugging the 0day hole. What a novel idea. Microsoft should do that… he says, tongue planted firmly in cheek.

    I’m NOT recommending that you run out and install the 0patch patch. It always gives me the willies when I see a non-Microsoft product offered to fix a Microsoft bug. But in this case, if you read the description, the analyst there who wrote the patch (Mitja Kolsek) knows what he’s doing.

    So rather than recommend that patch, I’m putting out a feeler to see if any of you have installed this patch — or if you have experience with other 0patch patches.

    Whaddya think?

    Windows Patches/Security ,

  • Patch Tuesday problems and fixes, but there’s no cause for alarm

    Posted on May 10, 2018 at 12:08 CDT by Comment in the Forums

    Yet.

    Consolidated news about this month’s patches for Win10 version 1803, the CVE-2018-8174 VBScript zero-day (which isn’t bad yet), the Win10 version 1709 Meltdown bug fix of a fix, the “authentication error” CredSSP bug that isn’t a bug, and the final resolution of that Server 2008 R2 SMB memory leak fix.

    Sliding down the razor blade of patches. Computerworld Woody on Windows.

    Windows Patches/Security ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.