The Valentine’s Day update from Microsoft did not arrive yesterday as planned. February Patch Tuesday will be coming, just a little later than usual. The decision to bundle updates together means that urgent flaws that are not fixed in time have to wait until the following month to be fixed. In this case, Microsoft has chosen to delay its monthly round of patches to make sure some serious issues are addressed and included in this month’s round of patches.
IT admins have been waiting for Microsoft to issue its update to address a flaw that was identified three months ago and was announced earlier this month. Microsoft delayed issuing a patch for the zero-day flaw in the SMB file sharing platform until Patch Tuesday, even though the flaw is being exploited in the wild. While the flaw is not believed to have been used to do anything other than crash Windows machines, it does need to be addressed. There is also concern that the flaw could be used to run arbitrary code, although as of yet that has not been seen in the wild.
Microsoft has released a statement about the delay to Patch Tuesday saying there was a “last minute issue” that needed to be fixed, although as of yet, no date has been provided for the delayed Windows update. That will depend on how long it takes to address the new issue. It is likely that this is a zero-day critical flaw that cannot wait to be fixed. Microsoft has not provided much in the way of detail, apart from saying the issue “could impact some customers and was not resolved in time for our planned updates today.”
Microsoft is delaying its update, but Adobe isn’t. As expected, its update addresses dozens of recently discovered issues. Adobe will issue three updates to address flaws in Adobe Campaign, Digital Editions and, naturally, Adobe Flash.
There are 13 remote code execution flaws that will be addressed in Flash Player for ChromeOS, Linux, Mac and Windows. An update to version 188.8.131.52 is required to plug all the vulnerabilities. There are also 9 vulnerabilities in Digital Editions that are being addressed, eight of which lead to memory leaks and one of which allows remote code execution. Two security flaws have been addressed in Adobe Campaign: a security bypass and a cross-site scripting flaw.