Microsoft Re-Releases Windows Security Update Pulled After Complaints

Microsoft has fixed and reissued a patch released earlier this month that left some users with the infamous ‘Blue Screen of Death.’

The patch in question is MS 14-045, which was released earlier this month as part of the Patch Tuesday update. After customers reported problems, Microsoft advised users to uninstall the original patch, and pulled it from the Windows Update service.

“This month we had our first roll out with additional non-security updates,” blogged Tracey Pretorius, director of Microsoft Trustworthy Computing. “A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.”

The security bulletin was meant to address three vulnerabilities in Windows, the most severe of which could allow an attacker to escalate privileges. The attacker would need valid logon credentials and be able to log on locally to exploit the issues.

While customers do not need to uninstall the previous version of the update before installing the latest edition, Microsoft strongly recommends it. In addition to the blue screens, other customers reported receiving ‘File in Use’ error messages and other problems.

“We encourage customers to install the security update as soon as possible. Customers with automatic updates enabled do not need to take any action,” blogged Pretorius. “If you don’t have Windows Update enabled, we encourage you to do so now. If you’re not sure whether you’ve enabled Windows Update, you can check here. For organizations, your IT Group, the team or person administering the network, would be the best place to check.”

According to a new report from IBM’s X-Force team, the first half of 2014 saw roughly 3,900 new security vulnerabilities affecting 926 unique vendors. If this trend continues through the end of the year, the total projected vulnerabilities would fall below 8,000 – the first time the total has been that low since 2011, IBM noted. As was the case last year, roughly a third (34 percent in 2014 and 32 percent in 2014) of the vulnerabilities came from the top 10 enterprise software companies.

“Although overall vulnerability numbers are down for the first half of 2014, the impact to the top 10 enterprise software vendors remains consistent,” according to the report. “It is uncertain at this point whether this trend will continue through the end of the year as attackers continue to seek higher impact/higher potential reward targets or whether we will see an increase in the second half of the year in the number of disclosed vulnerabilities against smaller vendors and components, such as CMS plug-ins.”
