Microsoft Re-Releases Windows Security Update Pulled After Complaints

Microsoft has fixed and reissued a patch released earlier this month that left some users with the infamous ‘Blue Screen of Death.’

The patch in question is MS 14-045, which was released earlier this month as part of the Patch Tuesday update. After customers reported problems, Microsoft advised users to uninstall the original patch, and pulled it from the Windows Update service.

“This month we had our first roll out with additional non-security updates,” blogged Tracey Pretorius, director of Microsoft Trustworthy Computing. “A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.”

The security bulletin was meant to address three vulnerabilities in Windows, the most severe of which could allow an attacker to escalate privileges. The attacker would need valid logon credentials and be able to log on locally to exploit the issues.

While customers do not need to uninstall the previous version of the update before installing the latest edition, Microsoft strongly recommends it. In addition to the blue screens, other customers reported receiving ‘File in Use’ error messages and other problems.

“We encourage customers to install the security update as soon as possible. Customers with automatic updates enabled do not need to take any action,” blogged Pretorius. “If you don’t have Windows Update enabled, we encourage you to do so now. If you’re not sure whether you’ve enabled Windows Update, you can check here. For organizations, your IT Group, the team or person administering the network, would be the best place to check.”

According to a new report from IBM’s X-Force team, the first half of 2014 saw roughly 3,900 new security vulnerabilities affecting 926 unique vendors. If this trend continues through the end of the year, the total projected vulnerabilities would fall below 8,000 – the first time the total has been that low since 2011, IBM noted. As was the case last year, roughly a third (34 percent in 2014 and 32 percent in 2014) of the vulnerabilities came from the top 10 enterprise software companies.

“Although overall vulnerability numbers are down for the first half of 2014, the impact to the top 10 enterprise software vendors remains consistent,” according to the report. “It is uncertain at this point whether this trend will continue through the end of the year as attackers continue to seek higher impact/higher potential reward targets or whether we will see an increase in the second half of the year in the number of disclosed vulnerabilities against smaller vendors and components, such as CMS plug-ins.”
