After pulling out of releasing its regular “Patch Tuesday” bundle of security updates last week due to an issue found at the last minute, Microsoft belatedly released security patches for critical vulnerabilities in Adobe Flash Player yesterday for users of Internet Explorer on Windows 8.1 and later, and Edge for Windows 10.
That was an unexpected treat, as it had been thought Microsoft would wait until the next scheduled update on Tuesday, March 14, 2017. Users’ PCs can now pull down the patches via the regular Windows Update process.
The released patches do not include fixes for two known zero-day vulnerabilities in Microsoft’s code.
Exploit code for a vulnerability in how Windows handles SMB traffic has been published on GitHub, and could allow a remote unauthenticated attacker to launch a denial-of-service attack against a vulnerable system.
The other security hole in Microsoft’s code was controversially made public by Google last week, despite the chocolate factory knowing that Microsoft’s customers did not yet have any protection in place.
Microsoft’s delivery of fixes on Patch Tuesday has been impressively reliable over the years, and as far as I recall this is the first time ever that they have missed the date.
Let’s hope that the remaining security vulnerabilities are fixed quickly, and malicious attackers do not attempt to exploit the flaws widely before patches are released.