Microsoft's February Patch Tuesday Moved to March 14

Solarquest · Feb 16, 2017

After Microsoft said on Tuesday that it was postponing its February Patch Tuesday indefinitely, the company issued a new statement today, announcing that February's patches will arrive on March 14, next month.

"We will deliver updates as part of the planned March Update Tuesday, March 14, 2017," Microsoft said in an update to its original blog post.

.....
.....
The delay of the February monthly patches means organizations will remain vulnerable to a zero-day in the SMBv3 protocol made public at the start of the month.

More details in the link above

vemn · Feb 16, 2017

That's a big one though.
Probably boosting businesses for vendors who provide HIPS or NIPS with the theory of Virtual Patching.
Which potentially also means more revenue to MS, where the vendors probably need to pay more to get to know more of the vulnerabilities (unless it's public discovery) in order to come up with the HIPS/NIPS rules.

Wave · Feb 16, 2017

vemn said:
That's a big one though.
Probably boosting businesses for vendors who provide HIPS or NIPS with the theory of Virtual Patching.
Which potentially also means more revenue to MS, where the vendors probably need to pay more to get to know more of the vulnerabilities (unless it's public discovery) in order to come up with the HIPS/NIPS rules.

Doubt it, a lot of anti-exploit products are nothing but signature detection haha, some are exceptions or have additional dynamic analysis but normally in a lot of them it's just byte signatures lol

basically some which I will not name are just "fraud" as they aren't even dynamic and signature less

vemn · Feb 16, 2017

Wave said:
Doubt it, a lot of anti-exploit products are nothing but signature detection haha, some are exceptions or have additional dynamic analysis but normally in a lot of them it's just byte signatures lol

basically some which I will not name are just "fraud" as they aren't even dynamic and signature less

Hehe... sounds like you are not a believer of Virtual Patching theory..hehe

Wave · Feb 16, 2017

vemn said:
Hehe... sounds like you are not a believer of Virtual Patching theory..hehe

Nope because you can shut down the product and then protection is gone lol. whereas if it's integrated into the actual OS it's a different story

for example bypassing UAC is harder when it's integrated into the OS as opposed to a third party patching it imo

vemn · Feb 16, 2017

Wave said:
Nope because you can shut down the product and then protection is gone lol. whereas if it's integrated into the actual OS it's a different story

for example bypassing UAC is harder when it's integrated into the OS as opposed to a third party patching it imo

Hehe that's why they kept emphasising it's "Virtual" patching.

Disclaimer in font 5.
Helping you out in the interim~~
Nope I'm not saying I solve your problem though ~

Deleted member 178 · Feb 16, 2017

vemn said:
Hehe... sounds like you are not a believer of Virtual Patching theory..hehe

So do i.

Wave said:
Nope because you can shut down the product and then protection is gone lol. whereas if it's integrated into the actual OS it's a different story

for example bypassing UAC is harder when it's integrated into the OS as opposed to a third party patching it imo

Exactly.

shukla44 · Feb 17, 2017

The SMB zero-day affects several Windows OS versions, such as Windows 10, 8.1, Server 2012, and Server 2016.

It doesn't affect Windows 7, right?

Search

Search

Microsoft's February Patch Tuesday Moved to March 14

Solarquest

Moderator

vemn

Level 6

Wave

vemn

Level 6

Wave

vemn

Level 6

Deleted member 178

shukla44

Level 13

You may also like...