Microsoft issues bug fix one day before Windows 10 launch

Update KB3074683 fixes Explorer crashing fault

With less than 24 hours to go until the Windows 10 launch, Microsoft has released yet another patch for the new operating system, this time to fix a bug introduced by a patch brought out over the weekend.

The original patch, KB3074681, was pushed out on Saturday and brought in various unspecified bug and security updates, but complaints that it was crashing Windows Explorer soon started coming in.

According to WinSuperSite, the error occurred when users on build 10240, the RTM build that will be generally release tomorrow, tried to disable an active network adapter or uninstall a program using the path Programs and Features>Uninstall or change a program.

Gabe Aul, general manager for the OS Group Data and Fundamentals team, told WinSuperSite that "a fix is in the works for this [bug] and will be pushed out soon". True to Aul's word, the new patch, KB3074683, was rolled out overnight specifically to fix this problem and, by all accounts, does work. The buggy update has since been withdrawn.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Emergency update

While these latest updates fix minor issues, another patch released last week for Windows 10 and all other currently supported systems, was far more significant.

The emergency, out of band patch fixed an exploit first discovered by surveillance firm Hacking Team.

The patches, named MS15-078 for Windows Vista through to Windows Server 2012 and KB3074667 for Windows 10, fix a remote code execution vulnerability in the Windows Adobe Type Manager Library. The hole, which has been given the reference CVE-2015-2426, could be used by hackers to escalate privileges and remotely control a system if the user opened a specially crafted document or visited a website that uses OpenType fonts.

This is the third Windows vulnerability patch related to information released in the massive Hacking Team data breach, which saw 400GB of stolen documents leaked online. Included in those documents was information on zero-day vulnerabilities it had discovered in Windows, which were sold as part of its "offensive security" software that allowed unauthorised users to gain access to and collect data from systems undetected.

Since the leak at the beginning of the month, security researchers have been scouring the data to identify and patch the vulnerabilities documented within. Thanks for this particular discovery can be laid at the door of Trend Micro, which published a detailed analysis of the threat on its Security Intelligence blog.

Advertisement - Article continues below

According to Microsoft, however, while the exploit was listed in Hacking Team's documents there is no current evidence it has ever been used in an active attack.

While the out-of-band patch will protect all currently supported Windows desktop and server operating systems, those using older software such as Windows XP or the recently expired Server 2003 will not receive the update, meaning they will remain vulnerable to potential attack.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/operating-systems/23119/windows-10-release-date-features-devices-and-free-upgrade-microsoft-issues
operating systems

Windows PowerToys customisation project returns

10 May 2019
Visit/operating-systems/28288/how-to-factory-reset-windows-10
operating systems

How to factory reset Windows 10

26 Mar 2019
Visit/microsoft-windows/33280/windows-7-security-patches-officially-coming-to-an-end
Microsoft Windows

Windows 7 security patches officially coming to an end

21 Mar 2019
Visit/business-operations/sales-crm/354830/microsoft-touts-enhanced-ai-features-for-dynamics-365
sales & CRM

Microsoft touts ‘enhanced AI’ features for Dynamics 365

21 Feb 2020

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/software/linux/354831/microsoft-to-add-defender-antivirus-software-to-linux-ios-and-android
Linux

Microsoft to add Defender antivirus software to Linux, iOS and Android

21 Feb 2020