Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Patch Tuesday February 2017 postponed


  • Please log in to reply
13 replies to this topic

#1 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:00 AM

Posted 14 February 2017 - 12:06 PM

https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

 

 

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

 


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:00 PM

Posted 14 February 2017 - 12:23 PM

This is why I always wait a week before downloading patches but this is not to say everybody should do it. Just think if this wasn't caught. Now that Microsoft puts all their patches in a rollup it's either one or none. Going back to the old system Microsoft could have held back the bad patch and released the rest.



#3 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:02:00 AM

Posted 14 February 2017 - 03:12 PM

I have to do exactly the opposite and apply patches immediately so that I get to see issues before my users do.

 

One problem with deferring the updates is that Adobe has gone right ahead and issued their parches including one for Flash player (including security content). As Microsoft push flashplayer updates for their more recent OSs, Windows users are going to be using unpatched flash with the bad guys reverse engineering the fixes released directly by adobe and producing exploits for the vulnerablities exposed..

 

Hmmmmmm........

 

x64



#4 JohnC_21

JohnC_21

  • Members
  • 24,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:00 PM

Posted 14 February 2017 - 03:26 PM

I have to do exactly the opposite and apply patches immediately so that I get to see issues before my users do.

 

One problem with deferring the updates is that Adobe has gone right ahead and issued their parches including one for Flash player (including security content). As Microsoft push flashplayer updates for their more recent OSs, Windows users are going to be using unpatched flash with the bad guys reverse engineering the fixes released directly by adobe and producing exploits for the vulnerablities exposed..

 

Hmmmmmm........

 

x64

Good point. Another reason I never use Internet Explorer



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:12:00 PM

Posted 14 February 2017 - 06:14 PM

Well i have WSUS to never install updates unless i manually approve them because of issues from MS creating havoc for me LOL (Being the only sysadmin around).

Even with flash (I limit users using it to an absolute minimum), ensure its never on AutoPlay and you wont have an issue.

What i do is, i have a subtree on WSUS, move a node to that (Normally my own PC) and then approve updates for that subtree and reboot and check for issues.

Also note, i always create my WSUS to match that of OU's in AD. Make things a lot easier and when you roll the updates they are targeted per OU group (WSUS subtree) instead of the whole company.


Edited by JohnnyJammer, 14 February 2017 - 06:15 PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:00 PM

Posted 14 February 2017 - 07:00 PM

Since I live in a rural area, I usually take all my laptops to a library in another county to download the updates. I often do this on cold and rainy days when there is nothing else to do. It was going to rain tomorrow so I guess I won't be going anywhere.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 opera

opera

  • Members
  • 1,023 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 16 February 2017 - 12:56 AM

Now to be released in March instead.

 

See updated notice here

 

https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:00 PM

Posted 16 February 2017 - 07:05 AM

So in other words, they are skipping an entire month.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 JohnC_21

JohnC_21

  • Members
  • 24,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:00 PM

Posted 16 February 2017 - 02:58 PM

http://www.computerworld.com/article/3170633/microsoft-windows/windows-update-issues-may-be-at-root-of-februarys-patch-delay.html

 

Microsoft was closed-mouthed yesterday about why it postponed the month's security updates, but a patch expert argued that it was probably due to one of more problems with the company's update service infrastructure, not a single flawed fix.
 
"Something is broken in the infrastructure, in Windows Update or the [Microsoft Update] Catalog, is my guess," said Chris Goettl, product manager at patch management vendor Ivanti, formerly Shavlik.
 
Goettl contended that a back-end snafu was the most likely cause for the unprecedented delay, which Microsoft announced yesterday, because other potential causes made less sense.

 

 



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:00 PM

Posted 16 February 2017 - 03:02 PM

Sounds more like an educated guess.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 JohnC_21

JohnC_21

  • Members
  • 24,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:00 PM

Posted 16 February 2017 - 03:06 PM

Sound like one of the better ones though. The SMB exploit is out in the wild and it will be another month before it's patched. I still say Microsoft made a mistake rolling up multiple patches into one update but even with a rollup why couldn't Microsoft strip out the bad patch and release the rest.



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:00 PM

Posted 16 February 2017 - 03:37 PM

I think the all-in-one rollup was a mistake too. I never read a clear explaination for them doing that.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:02:00 AM

Posted 16 February 2017 - 04:28 PM

I don't like the all-in-one updates either, but there are a few reasons why they did them - Two major official ones and I suppose, one unofficial reason spring to mind.

 

The official ones are:

  • When you install a new instance of the OS, you will no longer have to go through the rigmarole of installing a large number of updates (frequently 100+) reboot, a few more, reboot, another 50 etc, until all are consumed. When a OS has been around a few years, that process can take a day of leaving a new PC updating before it's ready for use.
  • Stabilty - If everyone is running the latest code, then there should be less room for incompatible versions of different files to cause trouble when they interact in unexpected ways.(well that's the theory anyhow).

And the unofficial one - not haveing to think about those version compatibilty issues must make Microsoft's job in maintaining the code easier as well as testing changes (apparantly they do try!) - I would imagine that it reduces their costs in a big way.

 

Another thing to note. The February updates were supposed to be the first time that they started rolling older updates into the cumulative updates for Win7 tand 8.1 . Up until now, the new cumulative updates had been based on changes from October '16, with all ealier updates still issued discretely. This month was supposed to have been the previoudly released 'Cumulative Oct '16 to Jan '17' updates , the new Feb '17 updates and and some updates from earlier than Oct '16. Over several months they are planning to roll all older patches into the cumulative update.

 

There are also issues for companies running WSUS servers - the conventional WSUS packages dont handle the CU's very well. MS recommend enabling Express updates but doing so increases the WSUS content folder size on the server many times (old way, typically around 400GB - with express updates enabled, 1TB or more (and server grade storage is not cheap!).. Arrgh!!!!.. Then of course you need to develop and test a new updating strategy, and then you find that MS categorise the "Security only" versions updates the same as the "Security and Quality" versions of the updates, making it impossible to distinguish between them when automattically approving updates in WSUS (before anyone says anything - I do NOT leave server updates on auto approve!!!!, but I do manually run approval rules then tweak the results).

 

Of course there are the other issues about not being able to duck individual patches, not documenting the changes sufficiently etc...

 

All in all, a (partially) well intentioned, bad idea.

 

x64


Edited by x64, 16 February 2017 - 04:28 PM.


#14 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:02:00 AM

Posted 21 February 2017 - 03:33 PM

....

One problem with deferring the updates is that Adobe has gone right ahead and issued their parches including one for Flash player (including security content). As Microsoft push flashplayer updates for their more recent OSs, Windows users are going to be using unpatched flash with the bad guys reverse engineering the fixes released directly by adobe and producing exploits for the vulnerablities exposed..

...

Appologies for quoting a post of mine, but it does seem really strange that MS really have deferred ALL updates until next month.

 

The Flashplayer issue was my initial glaring target, but there was also the SMB issue (thankfully enough, easy to/almost certainly already firewalled out from public access), and now we havethe Project zero generated zero day - maybe they should rename that "Project zero day"!..

 

Given that the MS issued Adobe updates are a different update stream (they are not role into the Windows main product updates, in the sme way that .NET updates are not) It's odd that the MS-Adobe  were not released anyway.

 

x64






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users