Not-so-happy Patch Tuesday

Somewhere, someone is saying, “We don’t need to patch…” Maybe it’s an executive. Maybe it’s an old IT guy who says, “We’ve always done it this way,” where “this way” means applying patches a few times per year. Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!

Today is Microsoft’s July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why!

There are several reasons for all the cursing…

So, there’s a wormable vulnerability in Microsoft Server, remote code execution problems in both Edge and the VBScript engine, an Elevation of Privilege vulnerability, a few problems that could enhance Phishing attacks, and more.

And for the wormable vulnerability in Microsoft Server, known as SigRed, there is already example code available that makes use of the vulnerability. Does anyone remember WannaCry? This Is A Big Deal. SigRed: A 17-year-old ‘wormable’ vulnerability for hijacking Microsoft Windows Server.

Dubbed “SigRed,” the cybersecurity team says the vulnerability is of particular importance to the enterprise as it is wormable — or self-propagating — and as such, is able to jump across vulnerable machines without any user interaction, potentially compromising an entire organization’s network of PCs in the process.

Data Stealing. Ransomware. Once a bad-guy is inside a corporate network with “arbitrary code execution,” they can do anything they want.

2 thoughts on “Not-so-happy Patch Tuesday”

  1. And they managed to push an unidentified patch to Outlook that completely broke it for thousands of users. It’s almost like they have been using offshore programmers who don’t understand testing or even integrity of the product. Before anyone says anything, I was a developer for 45 years and participated on some projects that spanned years and millions of lines of code. This level of failure is rank incompetence of the highest degree.

    • Programmers – in any nation – haven’t understood testing in 2 decades. Nothing has to be right. It doesn’t matter. Hurry up and break things.

      Of course that doesn’t work if you are controlling medical equipment, chemical processes, etc. But that isn’t what we do anymore, for the most part.

      The Democratic App that was supposed to make the Iowa Caucuses SOOOO efficient, is only the most notable example in the past few years.
