We’ve just had the second Tuesday of the month, and you know what that means… Patch Tuesday!
Microsoft has issued a bundle of security bulletins, detailing fixes for numerous vulnerabilities, including critical remote code execution flaws in Microsoft Office, Microsoft Edge and various Windows components.
And this Patch Tuesday update includes a fix for the vulnerability that Google engineers controversially chose to make public last week.
The security hole is said to have been exploited by the Russian-linked Fancy Bear hacking group in targeted attacks, and details were shared by Google only days after it privately told Microsoft about the flaw, and informed Adobe of an associated Flash zero-day bug.
Although Adobe was able to issue a patch promptly, Google didn’t wait for Microsoft to push out a patch for the security vulnerability that was known to be being exploited in targeted attacks.
It was clear at the time that Microsoft was highly unimpressed by Google’s action:
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk.”
Whether you think Google was wrong or not to do what it did, you’re hopefully pleased to see that Microsoft has kept its promise and now issued a patch - meaning millions of users can benefit from protection.
Although the Microsoft patch for the Google-found flaw is likely to get the majority of the media attention, it’s important to recognise the latest collection of security patches from Microsoft cover a wide range of vulnerabilities.
As always, I strongly recommend that home users and companies update their Windows systems at their earliest convenience.