Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulns in Windows Defender

Microsoft on Tuesday released updates addressing 83 vulnerabilities in its software, which doesn't include the 13 flaws fixed in its Edge browser last week. That's up from 58 repairs made in December, 2020, a relatively light month by recent standards. Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML …

  1. Paul Herber Silver badge

    Right, Microsoft, no more new features to be added until the monthly patch count is down to single figures!

    No pudding until you eat your dinner.

    1. LDS Silver badge

      "And earlier this month, Google published 43 CVEs"

      And that's in a single product. It looks like Google too should stop rolling out new versions of Android until it can fix the actual one.

      1. Flexdream

        Re: "And earlier this month, Google published 43 CVEs"

        Google's problem is the large number of Android devices which can't be updated anyway. Especially phones.

  2. This post has been deleted by its author

    1. DailyLlama
      Facepalm

      Re: Oh dear

      Not in the current tiers, surely?

  3. tcmonkey

    "On Monday, Mozilla issued a critical fix for Thunderbird, CVE-2020-16044, a user-after-free write bug that's been patched to prevent potential usage for running arbitrary remote code."

    That should probably be use-after-free, not user-after-free.

  4. Mike 137 Silver badge

    "One of these bugs (CVE-2021-1648) is publicly known..."

    Correction.

    They're all publicly known now.

    A major problem of scheduled bulk patch releases is that they give the adversary notice of a wide window of opportunity as most businesses don't leap up and patch on release day. Despite many patching policies saying "Critical - within 24 hours" that hardly ever happens - it's more typically a week to 10 days (sometimes much longer). So there's plenty of time to create and deploy a shotgun attack against the numerous sluggards.

    1. DailyLlama

      Re: "One of these bugs (CVE-2021-1648) is publicly known..."

      I don't think it's fair to call businesses sluggards, when we've all experienced bad updates breaking things, and have to have at least a week of testing to make sure that we aren't going to have to rebuild all the computers in the company because of one borked update...

  5. Zippy´s Sausage Factory
    Devil

    "there is no mitigation against this attack for on-premise deployments of Exchange Server"

    Because of course there isn't. Moving to the cloud, locking people in and bleeding their bank account is preferable to having them pay once and forever...

  6. Version 1.0 Silver badge

    Fug Bixes

    We're always told that there are "Bug Fixes" and within a month or two we get more "Bug Fixes" - so the current "Bug Fixes" are simply moving the bugs around. It just looks like each bug is patched but hardly ever tested thoroughly - no need to test the code? "Of course not sir, it compiled without any errors so we can release an update tomorrow."

    1. Darkk

      Re: Fug Bixes

      Yep and we've been stung too many times with updates forcing us to rebuild the entire computer when the system restore couldn't fix it. I have little faith in Microsoft these days when it comes to updates.

  7. AlanSh

    Still making the same mistakes?

    I am unclear why the brand new EDGE browser has so many issues. Didn't MS learn anything about coding as they built this NEW app?

    Or did they give the build to the local office boy fresh out of Tandys?

    1. Carl D
      Joke

      Re: Still making the same mistakes?

      https://starecat.com/microsoft-edge-scooby-doo-alright-edge-lets-see-who-you-really-are-internet-explorer/

Biting the hand that feeds IT © 1998–2021