Hello and welcome, admins and users alike, to the fifth edition of PatchWork! We have quite a bit to cover today, with a record 129 fixes for various issues. So without further ado, let’s dive in!
Remote Code Executions
One of the most pronounced vulnerabilities in most Microsoft products, and in most software across the board, is a remote code execution. This round of patches took care of ten of these types of bugs, ranging from executions in Sharepoint and Windows OLE to .LNK files and SMB protocol. The SMB protocol remote code is the one of the worst, detailed in CVE-2020-1301. This bug was hiding within Windows 7 and Server 2008 – a bit dated, but still having many users throughout the world. These 2 systems stopped receiving security support in January 2020, but this update was issued to change how the SMBv1 handled requests. One small benefit was that an attacker trying to take advantage of this vulnerability had to be authenticated on the network, so admins with strong network authentication will be able to better protect their users.
Office and Excel – Watch What You Preview/Open
Microsoft Office and Excel both received quite a few updates this month. There were two different flaws in Excel (CVE-2020-1225 and CVE-2020-1226) that could give control of a computer over to an attacker by simply opening a booby-trapped document. (Be careful what you open.) A different weakness in most versions of Office could have been exploited to bypass the built-in Office security features by simply previewing a malicious document in the preview pane. (Be careful what you preview.) This also affects Office for Mac, although updates are not yet available.
May 2020 – Still Haunting Machines
The Windows 10 (version 2004) May 2020 update last month had numerous upgrades designed to boost the user experience. But these good things didn’t exactly come without the bad stuff on the other side, mostly for Lenovo owners. The problems continued to grow to the point that Lenovo issued a support document detailing the manifold issues plaguing users: non-operational Function keys, yellow warning marks on the disk drive, and even the dread Blue Screen of Death, which occurs intermittently after the system is resumed from a sleep or hibernate mode. The easiest way to take care of this is to simply roll back to version 1909 and wait until Microsoft distributes a fix. If you do own a Lenovo machine and you are concerned about it, you can check this support page and hold off on installing the version 2004 update.
Be Careful, and Do Your Research
Always watch your documents. Make sure they come from approved people and sources. Before you update your computer, make sure you know what you’re getting with your updates, and check your machine’s compatibility. Wait a couple of days after Windows releases an update, then check if your machine might encounter some issues with it.
And until next time, fellow Windows users, here’s to another episode of PatchWork, helping your Windows Patches work for you!