IT Security

Share to Facebook Share to Twitter Share to LinkedIn

Patch Tuesday for the February 2017 updates have been postponed. The updates will be rolled into March patch Tuesday updates instead.

The updates generally are UI improvements and minor bug fixes, two of the issues however were quite important updates to Internet Explorer, Edge and SMB File Sharing. Both of these security issues could lead to remote code execution.

Known skipped fixes:

  • Issue with SMB file sharing – Zero Day exploit that could lead to code execution attacks
  • Internet Explorer/Edge Adobe Flash Player – A file type confusion with flash player that could lead to execution.

The other issue with this is that the windows updates new rollup scheme bundles the updates for the SMB issue and the IE/Edge issues into one update.

Microsoft have said they will implement a separate rollup update for Internet Explorer and Edge Security Patches so that if this occurs again they can still push some security updates for the browser.

For now you will need to wait until March the 14th for the patches to be released. In the meantime I would advise using alternative browsers such as Chrome or Firefox and be careful using file shares in a publicly accessible network.

Further Reading

For more information, please visit: