AI-Enabled Samsung Galaxy Z Series with Innovative Foldable Form Factor & Significantly Improved Screen Delivers New User Experiences Across Productivity, Communication & Creativity The…
Patch Tuesday March 2015: Stuxnet and FREAK patched, two updates causing issues [update]
Update (18 March): Microsoft has re-released the KB3002657, but only for Windows Server 2003. The company advises that even if the patch didn’t cause issues, it is advised that version two of the patch be installed over it.
Here’s an excerpt from the updated security bulletin:
To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action.
It has been a week since Microsoft pushed five critical updates, and 14 in total, to users of its software products and there have been largely subdued reports of a few updates ruining Windows installations. Citing Microsoft‘s seemingly frequent update issues, we’ve moved our regular Patch Tuesday roundup to the week after, to properly evaluate the effects of each update.
It has been another busy week for Microsoft in that regard, plugging some holes left by the hilariously dated by destructive Stuxnet worm, the new FREAK vulnerability and just some run-of-the-mill housekeeping.
(Prepare for acronyms.)
FREAK encryption vulnerability patched
FREAK however, was discovered two weeks ago publicly by Karthikeyan Bhargavan at Paris’ INRIA and the miTLS team, not Microsoft, interestingly enough.
If you’re wondering why the vulnerability is such a big deal, have a gander through the University of Michegan‘s notes on the issue.
Browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption. […] Far more browsers are vulnerable to the FREAK attack than was initially thought when the attack was announced.
These browsers included the likes of Microsoft’s Internet Explorer, but the company soon issued an advisory and a patch.
Stuxnet finally patched
Another one of these critical exploits was a Stuxnet hole, left unguarded since 2010. If you recall back in 2009, the Stuxnet worm was blamed for crippling the Iranian nuclear power programme, which is a massive feat in itself.
For the non-Uranium loving user though running Windows, your machine has been vulnerable now for over six years.
The vulnerability exploited the .LNK extension allowed a remote attacker to access the machine and subsequently run malicious code remotely. It’s perhaps even scarier that Microsoft left this hole open for so long.
So what has gone wrong?
Are there any updates causing issues with machines since their installation? Well, yes.
KB3033929 is one causing machines to spiral into that infamous and infinite boot loop users all love to hate. It addresses a vulnerability in the SHA-2 signing and verification system for Windows 7 and Server 2008, but it seems to be causing more harm than good.
It’s not a critical install, but if you’d like to read more about the issue, there’s a Microsoft Technet forum thread dedicated to it here. For now, you should probably deselect it when installing updates, especially for those running Windows 7 64-bit.
KB3002657 also seems to be causing a few issues, namely with the oft-used SMB protocol. Jason Sherry, a Microsoft infrastructure guru, notes that the update “breaks authentication for some applications and devices that use NTLM for authentication. This includes SMB/SMB2/SMB3, used for file shares and NAS, and other clients.”
This is bad news for those running home NASs, as “users will be prompted for authentication over and over, without success,” notes Sherry.
It seems that other updates are all cooperating with users’ systems. And of course, if you haven’t run Windows Update yet (if its not set to automatically start), you should probably do that right now. Just make sure you deselect the two updates mentioned above until adequate fixes are published.
Featured image: Mike Mozart via Flickr