Hacker News
Microsoft Patches 64 Flaws

Despite the inconvenience, especially during shutdown and startup, it’s essential nowadays to keep your operating system and software updated. Microsoft recently patched 64 flaws it found in Windows 10, MS Office, SharePoint, Skype for Business, Visual Studio and ChakraCore. These flaws range from minor to critical in severity. If you haven’t updated yet, you need to do so, as 17 of these patches are critical and two of these are already being exploited, according to Google.
The two aforementioned vulnerabilities (CVE-2019-0808, CVE-2019-0797) reside in the Win32k component, which is crucial for backwards compatibility with legacy systems that Windows still can’t do without. Google reported earlier that one of these vulnerabilities was being exploited in conjunction with a Google Chrome flaw, which Google patched last week. Together, these flaws allow attackers to take full control of Windows 7 or Windows Server 2018 computers. The other Microsoft flaw is similar but affects later versions of Windows as well as Windows Server 2012, 2016 and 2019. These two flaws were thankfully detected by security researchers Boris Larin and Vasily Berdnikov of Kaspersky Labs.
45 of the patched flaws are also considered important, so it pays for users to update immediately. They allow for remote code execution, privilege elevation and denial of service, and are present in Internet Explorer (which by now nobody should be using), DHCP Client, VBScript and the Chakra Script Engine.
One can’t blame some systems administrators for being reluctant to update, as Microsoft has been having problems with updates as well. Some updates tend to damage or brick some systems for compatibility reasons, thanks to the millions of configurations possible within the Windows ecosystem.
But thankfully, Windows 10 is now able to uninstall problematic updates. This brings its own problem: those systems are not updated against new vulnerabilities until 30 days later, during which time Microsoft debugs the problematic updates based on Windows reports. It’s a welcome change nonetheless, as the ability to do work still takes precedence.