Update: Microsoft has reissued KB3001652 and for the most part, it seems to be working. The initial release of the patch caused a continuous boot loop upon failed completion. New developments suggest that the reissued patch causes no untoward issues as yet.
Thanks to Microsoft‘s new vulnerability disclosure policy, it has been a rather quiet-than-usual lead-up to this month’s Patch Tuesday, but that doesn’t mean the day passed without movement from the Redmond tech giant.
No ad to show here.
Microsoft issued a total of 56 security patches for vulnerabilities, with 41 addressing Internet Explorer holes, six rated as important and three as critical.
One of these critical bugs, known as JASBUG, can allow the attacker to execute code remotely on the affected machine, but the vulnerability could lead to a complete hijacking of the system.
‘JASBUG’
This is a fairly large bug too, affecting all Microsoft operating systems from Server 2003, through to Windows 8.1 and Windows 8.1 RT.
More importantly, Windows Server 2003 didn’t receive the patch and there’s a good reason for this, according to JAS Global Advisors, the company that discovered the bug.
Unlike recent high-profile vulnerabilities like Heartbleed, Shellshock, Gotofail, and POODLE, this is a design problem not an implementation problem. The fix required Microsoft to re-engineer core components of the operating system and to add several new features. Careful attention to backwards compatibility and supported configurations was required, and Microsoft performed extensive regression testing to minimize the potential for unanticipated side effects.
Data science firm simMachines was also an integral part in uncovering the bug, that incredibly, was 15 years old upon discovery.
You can read more about the bug and its effects here.
Office and ‘KB3001652’
Two other important updates concern Microsoft’s Office suite, and one of them is wreaking all kinds of havoc on machines that have attempted to install it.
Although we do recommend that users run Windows Update as soon as Microsoft issues these updates, occasionally something like this happens.
There are reports suggesting that update “KB3001652” is causing failed updates and boot-loop issues with some Windows machines.
First Responders: KB3001652 Hangs Computers, Never Finishes Installation http://t.co/1PmvqNa50h
— Windows IT Pro (@WindowsITPro) February 11, 2015
The patch aims to address a vulnerability in Microsoft Visual Studio 2010 Tools for Office Runtime but instead it never completes the update. For now, it’s advised that users refrain from installing this particular update.
Microsoft’s details and recommendations for this patch can be viewed here.
Lastly, Internet Explorer received a cavalcade of updates, Windows 10 (Build 9926) received just two and Adobe’s Flash Player (if you haven’t quite received the news) has been updated a few days ago, so it’s recommended that you install the patched Player too from Adobe’s update portal.