|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
Newsletter Archives
-
Patch Tuesday patches are here
As usual, Martin Brinkmann has the first full list:
- Microsoft released security updates for all client and server versions of Windows.
- No critical vulnerabilities in Windows 8.1 and 7.
- Microsoft released security updates for Microsoft Edge, Internet Explorer, Adobe Flash Player, .NET Framework, Microsoft Office, Microsoft Exchange Server, and Microsoft Visual Studio
- The Update Catalog lists 187 updates for January 2019.
Dustin Childs has an interesting take on the patches for the Zero Day Initiative:
-
CVE-2019-0547 – Windows DHCP Client Remote Code Execution Vulnerability
If you are running Windows 10 or Server version 1803, this patch has to be on the top of your deployment list. -
CVE-2019-0586 – Microsoft Exchange Memory Corruption Vulnerability
This corrects a bug in Exchange that could allow an attacker to take control of an Exchange server just by sending it a specially crafted email. -
CVE-2019-0550, CVE-2019-0551 – Windows Hyper-V Remote Code Execution Vulnerability
Which means most of you aren’t in the crosshairs. The only known exploit he lists is for the Jet Database engine — another hole found in ancient technology that probably won’t affect you unless you use an old database application.
There’s also a new Servicing Stack Update for Win10 version 1703, KB 4486458. As if any of you are still running 1703.
There are January Security-only patches for .NET as well as the Security and Quality Rollups.
January 2019 Security Updates for Microsoft Office 2010, Office 2013, Office 2016, the Office Viewers, and SharePoint Servers are available on the Office Support Pages. These Updates are for the .msi versions of Office, not Office 365 or C2R.
UPDATE: It looks like the Win10 version 1803 patch, KB 4480966, may be something you need to install quickly. So far there are no known exploits, and no proof of concept code. But Microsoft is saying it’s bad.
….Remote Code Execution in Windows DHCP Client (9.8/8.8) 😈 It was internally found & no POC will be released but please, start the year off right and patch. your. systems.
BTW, the team who found the DHCP vuln is hiring & @metr0 is someone you really want to work with 😎
— 🇺🇦 Nate Warfield | n0x08.bsky.social🌻 (@n0x08) January 8, 2019
Will keep you posted as the drama unfolds.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Tracking content block list GONE in Firefox 138
by 3 hours, 6 minutes ago
-
How do I migrate Password Managers
by 2 hours, 29 minutes ago
-
Orb : how fast is my Internet connection
by 7 hours, 28 minutes ago
-
Solid color background slows Windows 7 login
by 8 hours, 48 minutes ago
-
Windows 11, version 24H2 might not download via Windows Server Updates Services
by 7 hours, 19 minutes ago
-
Security fixes for Firefox
by 6 hours, 47 minutes ago
-
Notice on termination of services of LG Mobile Phone Software Updates
by 19 hours, 32 minutes ago
-
Update your Apple Devices Wormable Zero-Click Remote Code Execution in AirPlay..
by 1 day, 4 hours ago
-
Amazon denies it had plans to be clear about consumer tariff costs
by 19 hours, 37 minutes ago
-
Return of the brain dead FF sidebar
by 6 hours, 48 minutes ago
-
Windows Settings Managed by your Organization
by 5 hours, 56 minutes ago
-
Securing Laptop for Trustee Administrattor
by 6 hours, 57 minutes ago
-
The local account tax
by 8 hours, 9 minutes ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 1 day, 17 hours ago
-
Digital TV Antenna Recommendation
by 1 day, 10 hours ago
-
Server 2019 Domain Controllers broken by updates
by 2 days, 5 hours ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 2 days, 7 hours ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 2 days, 10 hours ago
-
Outlook (NEW) Getting really Pushy
by 1 day, 12 hours ago
-
Steps to take before updating to 24H2
by 1 day, 3 hours ago
-
Which Web browser is the most secure for 2025?
by 1 day, 17 hours ago
-
Replacing Skype
by 1 day, 5 hours ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 2 days, 4 hours ago
-
Excel Macro — ask for filename to be saved
by 1 day, 1 hour ago
-
Trying to backup Win 10 computer to iCloud
by 1 day, 5 hours ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 4 days, 10 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 4 days, 12 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 4 days, 12 hours ago
-
No April cumulative update for Win 11 23H2?
by 3 days ago
-
AugLoop.All (TEST Augmentation Loop MSIT)
by 4 days, 12 hours ago
Remembering Woody
