06 Feb 2021
Earlier this month Microsoft released a series of patches to rectify over seventy security issues in Windows and software that interacts with Windows, including critical updates for Adobe Flash Player and Microsoft Office. At least twenty of the flaws are considered critical as Microsoft believes hackers could easily compromise systems.
The number one priority patch involves a publicly disclosed issue with Microsoft Exchange. CVE-2019-0686 allows anyone on the same network to access the inbox of other users. Another flaw, discovered by Google (CVE-2019-0676) that attackers are already exploiting allows unauthorized users to check for the presence of specific files on the target’s hard drive. One critical patch addresses CVE-2019-0626 which allows attackers to execute malcode by sending the target a DHCP request.
Fixes also included a patch for Adobe Flash Player. Flash laws are a frequent access point for hackers. The patch fixes IE and Edge vulnerabilities. Google Chrome auto-updates Flash for users. Firefox forces users to click in order to play Flash content. Adobe Acrobat and Adobe Reader are also victims of over seventy security holes so be sure to update those as well.
While security experts urge people to run patches immediately, krebsonsecurity suggests waiting just a day or two to ensure that buggy patches don’t cause even more issues for the user. Windows 10 will install patches and reboot your system on its own, making it difficult (but not impossible) to pause the updates. All other Windows send an alert that allows you to choose when to install.