Microsoft: fix security issue with non-security update. Instructions point to non-existent KB pageFebruary 21, 2019
Can things get any worse than this?
The security problem could be abused to cause CPU usage to grow to 100% before the malicious HTTP/2″connections are murdered by IIS”.
The advisory urges to administrators that they set up the February non-security upgrades for the version of Windows 10 which can be installed on an active device. Microsoft released cumulative updates for all supported versions of Windows 10 over the February Patch Tuesday that contained security updates.
The updates that Microsoft describes at the advisory were released this week to Windows 10 version 1607 to 1803 (the update for Windows 10 version 1809 is being tested in the Release Preview ring currently) and also the associated Windows Server versions.
No instructions available
It’s not the first time that security associated content is updated by updates that are non-security. The principal difficulty with the approach is the fact that it weakens the already-very-weak differentiation between non-security releases and the security.
The approach is far from perfect for administrators and customers who install patches that are security-only on devices.
What makes this particular security advisory even more problematic is that Microsoft asks clients to critique an Knowledge Base article that does not exist.
The safety advisory was printed yesterday, however the essential support article isn’t released yet (a day after the launch ). It is likely that a mistake was made by Microsoft when it added the link into the page, before hitting the button, but a person would surely have confirmed the connection.
It’s uncertain whether the difficulties are fixed by the setup of the upgrades or when other measures are expected to solve it entirely.
This really isn’t the first time that Microsoft released upgrades or advisories with no publishing their pages. I printed Microsoft, please print support pages before updates in 2016 to increase awareness for this problem.
Users and administrators might encounter patches and Windows upgrades to find out what they can introduce issues actually do, or have requirements or added actions.
Administrators wait until the service page is published by Microsoft and hope for the very best in this specific scenario, or may install the patches. Both choices aren’t too pleasant; the first could signify that steps aren’t implemented the second, because of missing directions while the secretary waits to release the support page that attacks could hit on the host.
You: What would you do and what is your take on this? (through Request Woody)
You are needed by ghacks. You will discover how to encourage us here by turning into a Patreon or support the site. Thank you for being a Ghacks reader. The post Microsoft: fix security issue with non-security update. Instructions point to non-existent KB page appeared first on gHacks Technology News.