Microsoft Patch Fixes 111 Vulnerabilities

Updated 07/10/2021

Microsoft Updates

Welcome to our security updates for the week of 21st.

Please sign up for our exclusive newsletter below, "The Consilien Report," and never miss an important update.

Microsoft's May 2020 Patch Tuesday has come, and it's a big one.

This patch provides fixes for 111 vulnerabilities, 91 of which are classified as "important," and 13 as "critical." Nine of these exploits allowed hackers full access and control of Windows 10 computers.

This comes as almost no surprise after a lousy track record of updates for 2020 from Microsoft so far. February saw its Patch Tuesday with data disappearing from user accounts and proving to be unrecoverable.

March pushed an update designed to improve Edge and Explorer security but instead caused blue screens of death, black screens on startup, and other various issues.

April's update caused problems with Google Chromium sandbox, a security feature of many popular web browsers that keeps failures from spreading to other software. Unfortunately, Chromium is entirely in the hands of Windows 10 code, so Microsoft, not Google, must fix any errors.

In response to recent shortcomings, Microsoft has released an "Optional Updates" feature for high-risk updates. This was an older feature of Windows, which was removed in the past.

Hopefully, users will be able to avoid such debilitating problems in the future by choosing which updates they will install more carefully.

--------------------------------------------------

Beware Trojan Malware on the Rise

During an analysis of 90 billion traffic logs from Nuspire customers for the first quarter of 2020, found that Emotet malware was seen frequently, hidden in a phishing email, pretending to be an attached invoice or bank statement. The latest versions give it the ability to install another Trojan known as TrikBot and the Ryuk ransomware. This form of malware steals your data and then delivers ransomware. It’s a double whammy!

More than 1.2 million botnets with 46 unique variants were found. Microsoft was able to take control of the infrastructure responsible for over nine million infections across the globe, but the threat remains. More than 23 million exploits with 404 unique variants were spotted. The most attempted one was called DoublePulsar, which creates a virtual backdoor for other malware to infect a system.

Consilien recommends user security awareness training to help employees recognize threats, layered security tailored to your level of risk, malware detection, and hardening of defenses to help improve the health and safety of your business network.

--------------------------------------------------

Microsoft Ends Support of Windows 10 on 32-bit Systems

As of Microsoft's May 2020 update, future versions of Windows 10 on new OEM machines will no longer feature 32-bit operating systems. Starting with version 2004, new OEM PC's will come equipped with only 64-bit Windows 10.

Current users running 32-bit on existing machines will not be affected, as Microsoft will continue to provide features and security updates. Non-OEM computers will still have a 32-bit option.

There are few 32-bit systems left out in the wild today. Most are in businesses with proprietary software written many years ago that can't run on 64-bit, but they are essential to production. Microsoft hopes to eliminate potential issues and development conflicts by having only one architecture available in the future.

References:

  1. https://www.forbes.com/sites/gordonkelly/2020/05/14/microsoft-critical-windows-10-update-warning-free-windows-10-upgrade/#7f2bc5777263

2.  https://www.forbes.com/sites/gordonkelly/2020/02/19/new-windows-10-update-starts-causing-serious-problems/#1bfe56eb7a7e

3. https://www.forbes.com/sites/gordonkelly/2020/04/23/google-chrome-critical-security-exploit-windows-10-upgrade-warning-update-chrome-browser/#131e60625f8f

4. https://www.forbes.com/sites/gordonkelly/2020/03/12/microsoft-windows-10-warning-freeze-crash-boot-failure-installation-problems-upgrade-windows-10-free/#18ae66b2161e

  1. https://www.techrepublic.com/article/how-to-protect-your-organization-against-the-latest-malware-threats/

6. https://www.bleepingcomputer.com/news/microsoft/rip-microsoft-to-drop-support-for-windows-10-on-32-bit-systems/