Hello and welcome to the second edition of PatchWork! This month, there was a host of issues that had to be taken care of; however, considering the recent occurrences between two weeks ago and last week, the copious amount of small security patches paled in comparison. Worth briefly noting is the sheer number of small fixes deployed in this cumulative update: 117 in total, the largest in the company’s history. Without further ado, let’s get into the nitty-gritty of the three main issues that plagued Windows users the past two weeks.
KB4535996 or, How to Black Screen Your Machine in No Time
The first issue is a massive attempted fix released on the 27th of February — KB4535996. It includes a fix to “improve battery performance during Modern Standby mode”; however, some users have complained about their computers having an interrupted sleep cycle, where after 2 hours of sleep mode, they suddenly wake back up, a rather irregular occurrence. Some users reported a series of random freezes that only stopped when the update was uninstalled, while others reported their machines could not boot at all, failing a BIOS POST with a series of beeps and a blank screen. A swathe of other comments reported such mishaps as degraded system performance and Blue Screens of Death. If your Windows system has experienced any of these with increasing regularity, check your Windows Updates, and uninstall this one until they roll out a separate fix.
CVE-2020-0796: The ‘Wormable’ SMBv3 Exploit
Another major issue for a short while was an exploit that took advantage of the way the Server Message Block (SMB) protocol handled requests, allowing attackers to execute code on the target server or client. This was patched on 12 March, but was out for a few days, and could have been an egregious error if not taken care of. It’s still a risk, though, so the correct step to take, if you’re an admin running a server, is to disable SMB access to their Windows hosts from unknown/public IP addresses unless necessary.
CVE-2020-0852: Microsoft Word and Memory
This vulnerability springs to life when Microsoft Word fails to properly handle objects in memory. An attacker could pull this off simply by sending a specifically crafted Word file to a victim with a remote code executable, and all the victim would have to do is open the file – but not even completely open it, simply opening it in the Outlook Preview pane would put someone at risk. This was one of the main risks that was patched in the Patch Tuesday releases, but was also a very egregious error.
To conclude, always check your updates, always double check your emails before you open the attachments, and always, always, ALWAYS keep a tight security on your computers.
Until next time, this has been your monthly installment of PatchWork!