This month’s Windows and Office security patches: Bugs and solutions

October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

HP’s Secure Click Enterprise started falling over immediately after installing this month’s Windows cumulative updates. HP released a Win10 update-friendly version a couple of days later. It continues to astound me that a mainstream product from a major manufacturer isn’t tested before the cumulative updates roll out.

There was a security hole plug specifically for Visual Studio programmers, CVE-2020-17023.

Then there’s the security patch for Microsoft Dynamics 365 Commerce, CVE-2020-16943, that was announced but never appeared. It’s still missing in action. Something in there about counting chickens before they’re hatched.

As usual, we had dire warnings galore from the usual patch-right-now sources (“Microsoft warns beeeelions of customers to patch immediately!”). As usual, we haven’t seen any immediately exploited security holes, with the possible exception of SharePoint Server 2016 and 2019. 

Source link

Read More