September 30, 2016

Third time’s a charm for Microsoft’s recent security patches

microsoft logo(LiveHacking.Com) – Just under two weeks ago Microsoft released its regular set of patches for Windows and other Microsoft products to fix the current security vulnerabilities. Some of these patches were deemed as Critical because the vulnerabilities could allow a hacker to execute arbitrary code on an affected PC and gain remote access to the machine.

Among the original updates was MS13-066, a patch rated as Important which fixed a vulnerability in the Active Directory Federation Services. The original vulnerability could allow information disclosure. Unfortunately after its release, Microsoft discovered that the patch could cause the AD FS to stop working. As a result Microsoft removed the update. Then last week Microsoft re-released the bulletin with a fix for the fix. It turns out that systems without the RU3 rollup QFE installed experienced the problems. The new patch should work with or without RU3.

That was strike one.

August’s Patch Tuesday also contained MS13-061 a Critical patch to fix vulnerabilities in Microsoft’s Exchange Server. If exploited these vulnerabilities could allow remote code execution. Like for MS13-066, after the release of the patch Microsoft discovered some problems. Specifically that after the update Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2 would stop indexing mail. Today Microsoft released MS13-061 to fix the bug that stopped the indexing of messages.

That was strike two.

The next (and last?) patch that caused trouble for Microsoft was MS13-057, a Critical patch from July which addressed a vulnerability in the Windows Media Format Runtime. The vulnerability could allow remote code execution if a user opens a specially crafted media file. Just before August’s Patch Tuesday Microsoft re-released it to address an application compatibility issue in which WMV encoded video could fail to properly render during playback. Originally this only affected Windows 7 and Windows Server 2008 R2. Today Microsoft released the patch (third time’s a charm – we hope) for Windows XP, Windows Server 2003 and Windows Vista to address the same WMV playback error.

And that was strike three? Any more swings at the ball Microsoft???

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks