Microsoft released a new servicing stack update (KB5001078) after an older a single brought on difficulties for Windows buyers putting in Patch Tuesday security updates.
Microsoft has removed a faulty servicing stack update, which was triggering issues for Windows users when they experimented with to put in final week’s Patch Tuesday security updates.
Microsoft’s servicing stack update presents fixes for the part that installs Windows updates. This individual faulty update (KB4601392) used to Windows 10 users (model 1607 for 32-little bit and x64-based methods) and Windows Server 2016 end users.
To handle this issue, Microsoft has removed the defective update and released a new one (KB5001078).
“There is a known issue that halts the installation progress of the February 9, 2021 security update,” mentioned Microsoft on Friday.
Microsoft Faulty Update: A Windows Security Issue
Microsoft said that the erroneous servicing-stack update (KB4601392) froze installations for the “Cumulative Update” from the latest Windows Update. This resulted in the set up for the update halting at 24 percent.
Windows consumers – who described issues – should install this new servicing stack update prior to setting up the its modern February Patch Tuesday security update from previous 7 days.
“You have to put in the new servicing-stack update (SSU) KB5001078 before installing this cumulative update (LCU),” according to Microsoft. “SSUs make improvements to the reliability of the update course of action to mitigate probable issues although putting in the LCU and making use of Microsoft security fixes.”
How Windows End users Can Mitigate if They By now Installed KB4601392
Microsoft gave the follow mitigation assistance for devices that have presently put in KB4601392:
- Consumers really should restart their devices and then stick to only techniques 1, 2 and 4a from Reset Windows Update factors manually.
- They need to then restart their gadgets once again.
- KB5001078 must now set up from Windows Update when consumers pick out “check for updates” – or they can wait for it to install quickly.
- End users really should then be equipped to install the most recent Cumulative Update from Windows Update.
For Windows consumers who haven’t applied the prior update, the new update “is accessible by way of Windows Update,” stated Microsoft. “It will be downloaded and installed instantly.”
To get the stand-alone bundle for the update, customers can also go to the Microsoft Update Catalog website stated Microsoft.
Patch Tuesday Security Updates: Implement Now
Microsoft’s February Patch Tuesday from previous 7 days dealt with 9 critical-severity cybersecurity bugs, moreover an essential-rated vulnerability that is being actively exploited in the wild.
The bug tracked as CVE-2021-1732, is becoming actively exploited, according to Microsoft’s advisory. This underscores the need for sysadmins to immediately apply the update. This is why the defective servicing-stack update making an impediment for deploying Patch Tuesday updates is an issue for corporations.
“The exploitation of this vulnerability would make it possible for an attacker to execute code in the context of the kernel and get Program privileges, fundamentally supplying the attacker cost-free rein to do what ever they wished with the compromised machine,” stated Chris Hass, director of Data Security and Analysis at Automox, in an email.
“Because this vulnerability is already becoming used by attackers, patching this vulnerability is as before long as doable is certainly critical,” reported Hass.
Is your tiny- to medium-sized enterprise an uncomplicated mark for attackers?
Threatpost WEBINAR: Save your place for “15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals rely on you generating these faults, but our industry experts will assistance you lock down your smaller- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.
Some components of this post are sourced from: