My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Microsoft Patch Tuesday Delayed

Published: 2017-02-14. Last Updated: 2017-02-18 01:46:21 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

Microsoft delayed the release of all bulletins scheduled for today. Today was supposed to be the first month of Microsoft using its new update process, which meant that we would no longer see a bulletin summary, and patches would be released as monolithic updates vs. individually. It is possible that this change in process caused the delay.

At this point, we do not know when Microsoft will release it's February patches. There is still the unpatched SMB 3 DoS vulnerability that I hoped would be addressed in this round.

https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

7 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments

Going to throw a lot of people off now that Adobe released their patches. I know a lot of people tend to rely on bundling both as to reduce reboots and such.
T'will be interesting to hear the reason. Hopefully it's not a replay of what happened to Juniper where their code was compromised and downloaded by customers for years. On the positive side, if that is it, it may force some people to invest in real controls.
[quote]There is still the unpatched SMB 3 DoS vulnerability that I hoped would be addressed in this round.[/quote]
There is another, 20+ year old bug^W0-day vulnerability in the NT kernel, "thanks" to which a user program can crash ALL versions of Windows NT.
There may be more going on than just a bad update. The latest signature update for Windows Defender/MSE was about 36 hours ago. This is also distributed by Windows Update/Microsoft Update, which appears to not be functioning at the moment.
Yes, my Windows 7 Professional 64 bit was affected by this as well. Please go into Microsoft Security Essentials or Defender if you have Windows 8.x/10 and update the definitions manually from there. This worked for me. I now have working definitions of 1.235.2849.0. Since we are talking about Windows here, I certainly like EMET as well and MalwareBytes Professional 2.x. MalwareBytes Professional 3.x is not compatible with EMET so I do not use it and I like version 2 as well because it has met all my safety and security needs.
Strange that they pulled all updates, usually they will just drop the bad patch. I wonder if this is related to the cumulative updates. (Which I hate BTW)
Yes, I feel it is due to Microsoft's update model. The new cumulative update model is for Microsoft and to lower costs and is in the best approach for shareholders but is not the best option for IT Professionals. This also makes it much harder to roll out updates to our networks because it is a take all or none approach. Fortunately, there is the security update only model which I have been relying on since last cumulative update in October 2017. The preview model of November 2017 showed there would be telemetry and I have been working very hard to prevent telemetry from penetrating our Windows 7 Networks. With the security model you must update every month and it seems to be okay so far. I was using the roll up model for *.Net Framework until the problematic update in December and was able to downgrade from 4.6.x to 4.5 as well as removing that bad update. It will be only security updates for Windows 7 from now on in my networks. Hopefully, there will not be something critical that I need that is not a security update but I doubt it for now and that is a good thing. Finally, if you want to eliminate all telemetry from your networks you will have to go as far back as April 2015 and audit your networks for telemetry leakage. Yes, it is encrypted and sent to Microsoft but I want the control like I have in Microsoft Security Essentials for Windows 7 Professional 64 bit on how much information to send to Microsoft. Sadly, the telemetry option can only be removed in Windows 10 Enterprise and from what I read Windows 10 Educational Edition. There may be a way to stop it through the registry or some other way but I don't currently have the time or patience for that and the new SaaS model is a way to ramp up profits for Microsoft and the additional layers like SMB 3 in Windows 8.x and Windows 10 become more problematic because the surface area of the operating system is increased due to the additional layers of services offered in Windows 8.x and Windows 10. This is why I currently suggest Windows 7 Professional and Enterprise Editions if you want the best Microsoft has to offer. I layer that with MalWareBytes Professional 2.x as well as EMET. I also have other protections but I have rambled on too long in this response.

Diary Archives