Microsoft issues bug fix one day before Windows 10 launch

Update KB3074683 fixes Explorer crashing fault

With less than 24 hours to go until the Windows 10 launch, Microsoft has released yet another patch for the new operating system, this time to fix a bug introduced by a patch brought out over the weekend.

The original patch, KB3074681, was pushed out on Saturday and brought in various unspecified bug and security updates, but complaints that it was crashing Windows Explorer soon started coming in.

According to WinSuperSite, the error occurred when users on build 10240, the RTM build that will be generally release tomorrow, tried to disable an active network adapter or uninstall a program using the path Programs and Features>Uninstall or change a program.

Gabe Aul, general manager for the OS Group Data and Fundamentals team, told WinSuperSite that "a fix is in the works for this [bug] and will be pushed out soon". True to Aul's word, the new patch, KB3074683, was rolled out overnight specifically to fix this problem and, by all accounts, does work. The buggy update has since been withdrawn.

Emergency update

While these latest updates fix minor issues, another patch released last week for Windows 10 and all other currently supported systems, was far more significant.

The emergency, out of band patch fixed an exploit first discovered by surveillance firm Hacking Team.

The patches, named MS15-078 for Windows Vista through to Windows Server 2012 and KB3074667 for Windows 10, fix a remote code execution vulnerability in the Windows Adobe Type Manager Library. The hole, which has been given the reference CVE-2015-2426, could be used by hackers to escalate privileges and remotely control a system if the user opened a specially crafted document or visited a website that uses OpenType fonts.

This is the third Windows vulnerability patch related to information released in the massive Hacking Team data breach, which saw 400GB of stolen documents leaked online. Included in those documents was information on zero-day vulnerabilities it had discovered in Windows, which were sold as part of its "offensive security" software that allowed unauthorised users to gain access to and collect data from systems undetected.

Since the leak at the beginning of the month, security researchers have been scouring the data to identify and patch the vulnerabilities documented within. Thanks for this particular discovery can be laid at the door of Trend Micro, which published a detailed analysis of the threat on its Security Intelligence blog.

According to Microsoft, however, while the exploit was listed in Hacking Team's documents there is no current evidence it has ever been used in an active attack.

While the out-of-band patch will protect all currently supported Windows desktop and server operating systems, those using older software such as Windows XP or the recently expired Server 2003 will not receive the update, meaning they will remain vulnerable to potential attack.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

How to factory reset Windows 10
operating systems

How to factory reset Windows 10

4 Mar 2020
Microsoft Surface Pro review: Still worth buying?
Laptops

Microsoft Surface Pro review: Still worth buying?

24 Feb 2021
Microsoft is concerned with escalating web shell attacks
hacking

Microsoft is concerned with escalating web shell attacks

12 Feb 2021
Managing a late migration
Microsoft Windows

Managing a late migration

11 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021