Zero-Day Critical Security Hole in Windows Products Requires Immediate Attention (MS15-078)

…But our clients are already patched!

From time to time, there’s a security hole discovered in Windows that’s so big, Microsoft has to release an immediate fix for the problem.

Microsoft releases software patches on a scheduled basis. These come out on the second and sometimes fourth Tuesday of each month. We test, then approve these patches on a scheduled basis. (See: Windows Patching: How Do We Do It?)

Once in a while, Microsoft releases a “zero day” patch that needs to be immediately installed. They release these patches out-of-schedule from the normal sets of bug fixes and enhancements.

The latest is a flaw in some old font handling routines. You can read more about it here:

https://www.computerworld.com/article/2949589/malware-vulnerabilities/microsoft-patches-windows-zero-day-found-in-hacking-teams-leaked-docs.html

(Microsoft’s security bulletin is MS15-078, KB#3079904)

At BDPNetworks, we pay close attention to these threats. We have a process for handling urgent, high-priority updates. We approved these patches early today in our patch management system. We then ran reports that show most of our clients’ computers have already updated.

BDPNetworks clients don’t need to do anything; we’ve already taken care of the problem. We will stay on top of this and other issues and let you know if you need to take action.