Microsoft issues bug fix one day before Windows 10 launch
Update KB3074683 fixes Explorer crashing fault
With less than 24 hours to go until the Windows 10 launch, Microsoft has released yet another patch for the new operating system, this time to fix a bug introduced by a patch brought out over the weekend.
The original patch, KB3074681, was pushed out on Saturday and brought in various unspecified bug and security updates, but complaints that it was crashing Windows Explorer soon started coming in.
According to WinSuperSite, the error occurred when users on build 10240, the RTM build that will be generally release tomorrow, tried to disable an active network adapter or uninstall a program using the path Programs and Features>Uninstall or change a program.
Gabe Aul, general manager for the OS Group Data and Fundamentals team, told WinSuperSite that "a fix is in the works for this [bug] and will be pushed out soon". True to Aul's word, the new patch, KB3074683, was rolled out overnight specifically to fix this problem and, by all accounts, does work. The buggy update has since been withdrawn.
While these latest updates fix minor issues, another patch released last week for Windows 10 and all other currently supported systems, was far more significant.
The emergency, out of band patch fixed an exploit first discovered by surveillance firm Hacking Team.
The patches, named MS15-078 for Windows Vista through to Windows Server 2012 and KB3074667 for Windows 10, fix a remote code execution vulnerability in the Windows Adobe Type Manager Library. The hole, which has been given the reference CVE-2015-2426, could be used by hackers to escalate privileges and remotely control a system if the user opened a specially crafted document or visited a website that uses OpenType fonts.
This is the third Windows vulnerability patch related to information released in the massive Hacking Team data breach, which saw 400GB of stolen documents leaked online. Included in those documents was information on zero-day vulnerabilities it had discovered in Windows, which were sold as part of its "offensive security" software that allowed unauthorised users to gain access to and collect data from systems undetected.
Since the leak at the beginning of the month, security researchers have been scouring the data to identify and patch the vulnerabilities documented within. Thanks for this particular discovery can be laid at the door of Trend Micro, which published a detailed analysis of the threat on its Security Intelligence blog.
According to Microsoft, however, while the exploit was listed in Hacking Team's documents there is no current evidence it has ever been used in an active attack.
While the out-of-band patch will protect all currently supported Windows desktop and server operating systems, those using older software such as Windows XP or the recently expired Server 2003 will not receive the update, meaning they will remain vulnerable to potential attack.
2022 State of the multi-cloud report
What are the biggest multi-cloud motivations for decision-makers, and what are the leading challengesFree Download
The Total Economic Impact™ of IBM robotic process automation
Cost savings and business benefits enabled by robotic process automationFree Download
Multi-cloud data integration for data leaders
A holistic data-fabric approach to multi-cloud integrationFree Download
MLOps and trustworthy AI for data leaders
A data fabric approach to MLOps and trustworthy AIFree Download