In an unprecedented move, Microsoft decided not to release its Patch Tuesday update with fixes for the month of February, and said that a consolidated security patch will be released on March 14. At that time, the company claimed a vague ‘last minute issue’ as the problem. Now, Microsoft has rolled out an emergency fix to rectify an issue with Adobe’s Flash Player.
The Redmond-based giant has issued a critical fix for an ‘unknown issue’ with Flash Player on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. The Bulletin claims that the issue could lead to remote code execution, and that this patch would require a restart. We recommend you to install the patch immediately as Microsoft would not break its software cycle if the fix was not critical.
“This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016,” the bulletin, issued on Tuesday, reads.
As we’ve seen several times in the last few years, Adobe Flash Player has been making headlines for its vulnerabilities. Most Web browsers today prevent Flash components on websites from automatic execution, rather hiding them behind a click to execute manually, if the user wants to. Microsoft Edge, Google Chrome, and even Mozilla Firefox have deployed this technique, and look to stop support altogether in the future.
In any case, Microsoft found a new critical vulnerability and felt the need to fix it immediately. With its February patches, the company was to patch a zero-day flaw in the company’s file sharing protocol SMB, but now that has to wait another month, The Verge notes. It is rare for Microsoft to delay it Patch Tuesday release entirely, however the company isn’t providing any details as to why that was done, or what is the ‘last minute issue’. There is no clarity on why Microsoft released this patch outside of Patch Tuesday, or if other such sporadic patches are coming before March 14.
Microsoft moved to monthly patch release cycle in October 2003 citing cost effectiveness and regularity for system admins in work schedule, testing, and deployment.
[“source-ndtv”]