The standalone Secure Boot CVE-2020-0689 update If you do not have the correct SSU package installed, which was released either in November 2019 or February 2020 depending upon your version of Windows 10, and need to install a standalone update and the general February Patch Tuesday update, then specific ordering becomes a thing again.Ģ. The bad news, then, is that the CVE-2020-0689 fixes are "standalone security updates" that need to be installed as well as the normal security updates to protect against the secure boot vulnerability. The feedback I received following that report confirmed what I already knew: the average Windows 10 is very confused by this 'update ordering' requirement. As I reported back in October 2019, Microsoft released a critical servicing stack update (SSU) that it strongly recommended was installed before the latest cumulative updates were applied. You can find out more from Microsoft itself, but the too long didn't read of the matter is that they fix problems associated with the component that installs Windows updates. If that SSU thing sounds familiar, that's because you may have stumbled across my reporting of it before. In the security update guide FAQ for CVE-2020-0689, Microsoft states that there is a Servicing Stack Update (SSU) prerequisite for specific Knowledge Base (KB) numbers. The exception is Windows 10, which along with IE and Edge, will resolve 88 CVEs." "Unlike the song where you need to take each bottle down and pass it around," Todd Schell, senior product manager of security at Ivanti, said, "the good news here is many of these CVEs can be resolved by applying just a few Microsoft updates." As Schell pointed out, most of these are in the OS itself and, "on average, your OS updates will resolve around 50 CVEs. As Satnam Narang, a senior research engineer at Tenable, said: "This is one of the largest Patch Tuesday releases we’ve seen in recent times." As far as I can tell, it's the biggest since August 2019 when there were still an impressive 93 CVEs fixed. I was pleased to see that the actively-exploited and critical Internet Explorer vulnerability, that was causing problems for those applying workarounds, has finally been fixed. The latest Patch Tuesday round of vulnerability fixes hit Windows users this week, with 99 flaws covered in all. Microsoft has 99 problems, make sure you fix them all
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |