Hello and welcome back to another episode of PatchWork! This episode we’re going to take a more in depth look at a few particular updates that are still demonstrating their influence despite Patch Tuesday being two weeks ago. Microsoft had another amazing 113 vulnerabilities, 19 of which are critical and the other 94 being considered important.
KB4549951 or, Would you like another bricked machine with your updates?
This KB was introduced back on the 14th of April, in this case packaged in with the Patch Tuesday release, and has recently been superseded by KB4550945 to patch the error (on the 20th), but this did not spare some people from having the Windows Defender malware functionality completely broken. While attempting to introduce some security fixes, people occasionally found files moved around or deleted with little to no warning, and instances of the Blue Screen of Death have been reported.
The best solution provided by Microsoft at this time is to roll the updates back and wait until the May 2020 cumulative updates.
CVE-2020-0968 – Internet Explorer memory corruption vulnerability
This was also recently taken care of on Patch Tuesday. This was a zero-day bug that allowed remote code to be executed on another machine due to improper handling of objects in memory. The primary method of execution would be leading someone to click into a website either owned by the attacker, or which already contained the malicious code, or by having someone open a document in Microsoft Office that contained the code already.
Now, while this vulnerability doesn’t see as much use due to a decline in popularity of the Internet Explorer browser, you should still practice safe browsing, and be careful when opening links or documents from your emails.
Conclusion? Safe Practices Until Solid Patches
Until Microsoft stabilizes their patches, I would stick with their recommendation and hold off on updating your machine or roll back the updates if you already have them, and not run the risk of such instances as lost data or Blue Screening your computer. Continue to practice safe Internet use and watch your email carefully for suspicious links or attachments (obviously, don’t open it if you don’t know where it’s from).
Until next time, stay safe, and stick with PatchWork to help make Patch Tuesday work for you!