Microsoft launched a new servicing stack update (KB5001078) soon after an older a single caused complications for Windows consumers setting up Patch Tuesday security updates.
Microsoft has removed a defective servicing stack update, which was leading to issues for Windows people when they tried using to install very last week’s Patch Tuesday security updates.
Microsoft’s servicing stack update presents fixes for the component that installs Windows updates. This unique defective update (KB4601392) applied to Windows 10 people (version 1607 for 32-bit and x64-centered programs) and Windows Server 2016 customers.
To address this issue, Microsoft has taken out the defective update and launched a new just one (KB5001078).
“There is a recognised issue that halts the installation progress of the February 9, 2021 security update,” stated Microsoft on Friday.
Microsoft Defective Update: A Windows Security Issue
Microsoft stated that the erroneous servicing-stack update (KB4601392) froze installations for the “Cumulative Update” from the latest Windows Update. This resulted in the installation for the update halting at 24 per cent.
Windows consumers – who claimed issues – have to put in this new servicing stack update prior to setting up the its current February Patch Tuesday security update from past week.
“You need to set up the new servicing-stack update (SSU) KB5001078 before setting up this cumulative update (LCU),” in accordance to Microsoft. “SSUs increase the dependability of the update system to mitigate opportunity issues though setting up the LCU and implementing Microsoft security fixes.”
How Windows Consumers Can Mitigate if They Now Installed KB4601392
Microsoft gave the stick to mitigation information for units that have currently set up KB4601392:
- Users need to restart their equipment and then follow only ways 1, 2 and 4a from Reset Windows Update components manually.
- They must then restart their equipment once again.
- KB5001078 should now install from Windows Update when consumers choose “check for updates” – or they can wait around for it to set up immediately.
- Customers must then be equipped to install the most recent Cumulative Update from Windows Update.
For Windows users who haven’t applied the earlier update, the new update “is offered as a result of Windows Update,” mentioned Microsoft. “It will be downloaded and mounted automatically.”
To get the stand-on your own deal for the update, users can also go to the Microsoft Update Catalog website explained Microsoft.
Patch Tuesday Security Updates: Implement Now
Microsoft’s February Patch Tuesday from previous week addressed 9 critical-severity cybersecurity bugs, additionally an significant-rated vulnerability that is remaining actively exploited in the wild.
The bug tracked as CVE-2021-1732, is currently being actively exploited, in accordance to Microsoft’s advisory. This underscores the require for sysadmins to quickly apply the update. This is why the defective servicing-stack update producing an obstacle for deploying Patch Tuesday updates is an issue for corporations.
“The exploitation of this vulnerability would let an attacker to execute code in the context of the kernel and acquire Procedure privileges, basically supplying the attacker free rein to do whatsoever they wanted with the compromised equipment,” said Chris Hass, director of Info Security and Analysis at Automox, in an email.
“Because this vulnerability is by now being made use of by attackers, patching this vulnerability is as before long as possible is absolutely vital,” mentioned Hass.
Is your modest- to medium-sized business an uncomplicated mark for attackers?
Threatpost WEBINAR: Save your location for “15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals rely on you building these mistakes, but our authorities will aid you lock down your tiny- to mid-sized small business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.
Some parts of this article are sourced from:
threatpost.com