Saltar al contenido

SMBv3 Patch Disappears, Non-Security Office Patch and a Moderate Patch Tuesday So Far

SMBv3 Patch Disappears, Non-Security Office Patch and a Moderate Patch Tuesday So Far

With a lot of drama about a patch that was never released and a handful of Office patches that shouldn’t have been released a week ago, this month’s Patch Tuesday is progressing surprisingly well.

It’s been almost 24 hours since the launch of Patch Tuesday this month. The good news: almost everyone who repairs individual cars reports that it went smoothly.

It is remarkable, given the countless problems with disappearance error of image (time profile) of last month and the endless litany of complaints on the latest patch «optional, unrelated to security, week C / D». The best thing I can say is that none of these issues have been officially recognized and, if they are still highlighted with yesterday’s patches, people are not complaining about them. Yet.

Of course, we still see the usual problems with installing patches (error 0x800f0900 seems special prolific on Reddit) But at this initial moment, I don’t see any debilitating problems.

Duplicate updates

I have seen numerous reports about Duplicate updates in Windows Update lists , especially for Windows 8.1, a .Net quality package and the monthly Server 2012 R2 package. Seeing the same identical patch listed twice in an update list does not inspire confidence.

Looks like Microsoft arranged the list of those in the evening to morning. At this moment, there are 110 entries «2020-03» in Microsoft Update Catalog that is, 110 individual patches, three less than last night.

Less is better, right?

Additional Office updates

It appears that Microsoft took advantage of Patch Tuesday to release additional non-security patches for Office. Non-security Office patches are usually released on the first Tuesday of the month, however this announcement Contains links to all of these new non-security Office patches:

Excel 2016

March 10, 2020, update for Excel 2016 (KB4011130)

Office 2016

March 3, 2020, update for Office 2016 (KB4484247)

Office 2016

March 10, 2020, update for Office 2016 (KB3213653)

Outlook 2016

March 10, 2020, Update for Outlook 2016 (KB4462111)

PowerPoint 2016

March 10, 2020, PowerPoint 2016 Update (KB3085405)

Project 2016

March 10, 2020, update for the 2016 Project (KB3085454)

Skype for Business 2016

March 3, 2020, update for Skype for Business 2016 (KB4484245)

Skype for Business 2015 (Lync 2013)

March 3, 2020, update for Skype for Business 2015 (Lync 2013) (KB4484097)

Office 2016 language interface package

March 3, 2020, update for Office 2016 Language Interface Pack (KB4484136)

Surprisingly, these patches are not listed in latest updates officers who are not security for the versions of Office you are using publication of Windows Installer (MSI) .

The strange case of CVE-2020-0796 «CoronaBlue»

Another patch synchronization incident: the SMBv3 patch described in the Microsoft Security Recommendation ADV200005 | Microsoft Guide for Disabling SMBv3 Compression It has caused all sorts of consternation among administrators responsible for networks running SMBv3.

In short, Microsoft seems to have the patch ready, but withdrew it at the last minute. Microsoft warned security software vendors in advance that the patch was coming (common practice), but did not shout, «Turn off printers!» in time to keep the cows in the stable. Two inside organizations accidentally posted and later withdrew descriptions. The story went through the blogosphere.

The hole can be that because it could spread without any human interaction. «It could be» the operable term: an exploited potential faces formidable challenges.

At first, Microsoft did not officially announce the hole and did not publish a fix. Then, his hand being forced, on Tuesday night, Microsoft published Safety notice , What it says:

Microsoft is aware of a remote code execution vulnerability in the way that Microsoft Server Message Block 3.1.1 (SMBv3) handles certain requests. An attacker who has successfully exploited the vulnerability could gain the ability to execute code on the target SMB server or SMB client.

At this point, it seems that only server 2013 and 2019 are affected . Microsoft has a manual solution. There are no known exploits, however Catalin Cimpanu from ZDNet just posted on Twitter :

Now I have seen / talked to 3 different people who claim to have found the error in less than 5 minutes. I will not be surprised if the exploits appear online at the end of the day.

If you do not run a network with SMBv3, you can relax. There is nothing in this month’s patches that you need to worry about right now.