Microsoft has issued its regular ‘Patch Tuesday’ security update for May, just hours after it released an emergency fix for a dangerous flaw present in most of its anti-malware technology.
That ‘out-of-band’ fix was rushed out on Monday after Google’s Project Zero researchers found a bug that could enable files with custom code to be executed when scanned by products including Microsoft Security Essentials, Windows Defender, and Microsoft Endpoint Protection.
Redmond followed this up on Tuesday with its regular Patch Tuesday update that contained fixes for 57 vulnerabilities in both its products and for Adobe Flash.
Microsoft revealed at the start of this year that it was changing its regular Patch Tuesday update process.
From March it began offering a dynamic online portal (the Security Update Guide) rather than the static bulletins it has published for the past 12 years.
This change is not universally popular as the new format means that system administrators now have to scan tens of pages in order to gain information about crucial updates.
While the Security Update Guide does provide a number of nice filtering options, people are frustrated as a bit of the organisation has now been lost.
That frustration aside, May’s Patch Tuesday update contains fixes for 57 vulnerabilities, including some for zero-day flaws.
This month’s Patch Tuesday covers 57 vulnerability fixes,” commented Amol Sarwate, director of vulnerability research at Qualys. “Highest priority should go to patching 0-day issues which are actively exploited. CVE-2017-0261 can be attacked via Office files containing a malformed graphics image. As this is actively exploited in the wild and attackers can take complete control of the victim system, this should be treated with priority.”
“CVE-2017-0222 is a vulnerability in Internet Explorer, and users can be compromised if they visit a malicious website hosted by attackers,” he added.
“This patch gets priority as the vulnerability is currently exploited in the wild and attackers can take complete control of the victim machine,” he said. “Microsoft also released an update to deprecate websites with public SHA-1 certificates.”
“Today we have updates from Microsoft and Adobe that need some attention,” said Chris Goettl, product manager with Ivanti. “By our count, there are 13 Microsoft updates this month addressing a total of 56 vulnerabilities, including three that have been exploited and three that were publicly disclosed.”
“This is aside from the advisory regarding the ‘crazy bad’ vulnerability discovered in the Malware Protection Engine,” he added. “Adobe has also released an update for Adobe Flash Player that resolves a total of seven vulnerabilities and is rated as critical or priority by Adobe’s verbiage.”
British regulator invites feedback on major partnerships Microsoft and Amazon have struck with smaller AI…
Another 20 staff have been fired by Google over Israel protest and their “completely unacceptable…
Censorship row brewing down under, after the Australian Prime Minister calls Elon Musk an 'arrogant…
Financial regulator asks New York judge to impose $5.3 billion in fines against Terraform Labs…
Lightweight artificial intelligence model launched this week by Microsoft, offering more cost-effective option for Azure…
ByteDance protest falls on deaf ears, as Senate passes TikTok ban or divest bill, with…