Microsoft Issues an Out of Band Flash Update for Windows

Earlier this month Microsoft decided to push their February Patch Tuesday updates into next month despite a couple of pending security concerns that needed to be addressed.

Richard Hay, Senior Content Producer

February 22, 2017

2 Min Read
Microsoft Issues an Out of Band Flash Update for Windows

Earlier this month Microsoft decided to push their February Patch Tuesday updates into next month despite a couple of pending security concerns that needed to be addressed.

According to reports, this delay was due to some internal issue in preparing the patches for distribution so the company opted to delay the updates rather than issue patches that may have caused issues for customers.

While delaying routine patches such as the normal monthly cumulative update for Windows 10 is not a big deal, there was a bug with the SMB protocol in Windows that could be used in a Denial of Service attack and it was expected to be patched this month however, that fix is also part of the delayed Patch Tuesday.

Although the Redmond company delayed that security patch, one area that is getting addressed through an out of band update for Windows is an update for Adobe Flash.

Microsoft pushed out this fix for the Flash vulnerability yesterday under Knowledge Base article KB4010250 (MS17-005).

This patch applies to the following versions of Windows:

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows 10

  • Windows 10 Version 1511

  • Windows 10 Version 1607

  • Windows 8.1

  • Windows RT 8.1

MS17-005 is rated as a critical so it is recommended that you install it at your earliest opportunity.

There is still no word or indication from Microsoft on whether they might issue additional out of band updates to address the SMB protocol issue before the arrival of Patch Tuesday in March which is scheduled for the 14th.

However, there is a work around to keep someone from exploiting the SMB protocol bug on your system.

According to the Software Engineering Institutes vulnerability note on this you can block outbound SMB connections from your local network to the wide area network and disable connections on TCP ports 139 and 145 plus UDP ports 137 and 138.

----------

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

Read more about:

Microsoft

About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like