Microsoft has issued its regular ‘Patch Tuesday’ security update for May, just hours after it released an emergency fix for a dangerous flaw present in most of its anti-malware technology.
That ‘out-of-band’ fix was rushed out on Monday after Google’s Project Zero researchers found a bug that could enable files with custom code to be executed when scanned by products including Microsoft Security Essentials, Windows Defender, and Microsoft Endpoint Protection.
Redmond followed this up on Tuesday with its regular Patch Tuesday update that contained fixes for 57 vulnerabilities in both its products and for Adobe Flash.
Microsoft revealed at the start of this year that it was changing its regular Patch Tuesday update process.
From March it began offering a dynamic online portal (the Security Update Guide) rather than the static bulletins it has published for the past 12 years.
This change is not universally popular as the new format means that system administrators now have to scan tens of pages in order to gain information about crucial updates.
While the Security Update Guide does provide a number of nice filtering options, people are frustrated as a bit of the organisation has now been lost.
That frustration aside, May’s Patch Tuesday update contains fixes for 57 vulnerabilities, including some for zero-day flaws.
This month’s Patch Tuesday covers 57 vulnerability fixes,” commented Amol Sarwate, director of vulnerability research at Qualys. “Highest priority should go to patching 0-day issues which are actively exploited. CVE-2017-0261 can be attacked via Office files containing a malformed graphics image. As this is actively exploited in the wild and attackers can take complete control of the victim system, this should be treated with priority.”
“CVE-2017-0222 is a vulnerability in Internet Explorer, and users can be compromised if they visit a malicious website hosted by attackers,” he added.
“This patch gets priority as the vulnerability is currently exploited in the wild and attackers can take complete control of the victim machine,” he said. “Microsoft also released an update to deprecate websites with public SHA-1 certificates.”
“Today we have updates from Microsoft and Adobe that need some attention,” said Chris Goettl, product manager with Ivanti. “By our count, there are 13 Microsoft updates this month addressing a total of 56 vulnerabilities, including three that have been exploited and three that were publicly disclosed.”
“This is aside from the advisory regarding the ‘crazy bad’ vulnerability discovered in the Malware Protection Engine,” he added. “Adobe has also released an update for Adobe Flash Player that resolves a total of seven vulnerabilities and is rated as critical or priority by Adobe’s verbiage.”
Boeing Starliner space capsule set for first crewed flight into orbit after years of delays,…
Google clashes with US Justice Department in closing arguments as government argues Google used illegal…
Prominent Stanford University AI scientist Fei-Fei Li reportedly completes funding round for start-up based on…
Apple shares surge on optimism that new AI-focused hardware launches will drive renewed sales, starting…
Biden vetoes Republican-backed measure amidst dispute over 'joint employer' status for contract workers, affecting tech…
Lawyers in US social media addiction action say strict controls on Douyin in China show…
