Microsoft has fixed and reissued a patch released earlier this month that left some users with the infamous ‘Blue Screen of Death.’
The patch in question is MS14-045, which was released earlier this month as part of the Patch Tuesday update. After customers reported problems, Microsoft advised users to uninstall the original patch and pulled it from the Windows Update service.
“This month we had our first roll out with additional non-security updates,” blogged Tracey Pretorius, director of Microsoft Trustworthy Computing. “A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.”
The security bulletin was meant to address three vulnerabilities in Windows, the most severe of which could allow an attacker to escalate privileges. The attacker would need valid logon credentials and be able to log on locally to exploit the issues.
While customers do not need to uninstall the previous version of the update before installing the latest edition, Microsoft strongly recommends doing so. In addition to the blue screens, other customers reported receiving ‘File in Use’ error messages and other problems.
“We encourage customers to install the security update as soon as possible. Customers with automatic updates enabled do not need to take any action,” blogged Pretorius. “If you don’t have Windows Update enabled, we encourage you to do so now. If you’re not sure whether you’ve enabled Windows Update, you can check here. For organizations, your IT Group, the team or person administering the network, would be the best place to check.”
According to a new report from IBM’s X-Force team, the first half of 2014 saw roughly 3,900 new security vulnerabilities affecting 926 unique vendors. If this trend continues through the end of the year, the total projected vulnerabilities would fall below 8,000 – the first time the total has been that low since 2011, IBM noted. As was the case last year, roughly a third (34 percent in 2014 and 32 percent in 2014) of the vulnerabilities came from the top 10 enterprise software companies.
“Although overall vulnerability numbers are down for the first half of 2014, the impact to the top 10 enterprise software vendors remains consistent,” according to the report. “It is uncertain at this point whether this trend will continue through the end of the year as attackers continue to seek higher impact/higher potential reward targets or whether we will see an increase in the second half of the year in the number of disclosed vulnerabilities against smaller vendors and components, such as CMS plug-ins.”