Microsoft has issued an out-of-band patch for a blue screen of death (BSOD)-causing glitch introduced with the release of this week’s round of Patch Tuesday security fixes.
Some users have reported their devices crashing following the latest update, according to Windows Latest. Dubbed KB4601315, this round of fixes rectified 56 security flaws in Windows 10, including a critical zero-day vulnerability affecting the win32k component, being actively exploited by hackers in China.
Microsoft acknowledged the rollout of KB4601315 caused the BSOD to appear for a handful of users, revealing that devices stopped working when users attempted to connect to a Wi-Fi network through the Wi-Fi Protected Access 3 (WPA3) protocol.
Users will encounter “stop error 0x7E in nwifi.sys” when they attempt to use a WPA3 connection, the company confirmed. The emergency update, dubbed KB5001028, has now been released and should address the issue.
WPA3 is the most recent version of the security standard for wireless networks, introduced in January 2018. This added a number of improvements to security over WPA2, including stronger encryption and mitigations against weak passwords.
The Windows 10 bug caused by this week’s Patch Tuesday update should not affect too many devices considering WPA3 has yet to be adopted in the mainstream. Many devices with WPA3 support have been manufactured, but organisations and individuals across the world haven’t yet necessarily changed their WPA2 networking equipment.
Although the WPA3 standard isn’t as widely used as it one day will be, Microsoft still deemed this bug severe enough to release an out-of-band fix, something the company only does in emergency situations.
Previous out-of-band updates have normally been issued to fix critical flaws that render Windows devices vulnerable to exploitation by hackers.
Microsoft released emergency patches for high-risk Windows 10 and Windows Server 2019 remote code execution flaws affecting Windows Codecs Library in July 2020, for example. The firm also issued out-of-band updates to fix two further remote code execution bugs affecting Windows Codecs Library again as well as Visual Studio Code in October.
-
What businesses need to know about data sovereigntyWithout a firm strategy for data sovereignty, businesses put their data and reputations at risk
-
Anthropic says MCP will stay 'open, neutral, and community-driven' after donating project to Linux FoundationNews The AAIF aims to standardize agentic AI development and create an open ecosystem for developers
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
