Admins can give thanks this November for dollops of Microsoft patches

Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more. According to the IT giant, the first exploited flaw – CVE-2024-49039 – would allow privilege escalation thanks to an error in Windows Task …

  1. Joe W Silver badge

    Wait...

    "Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability,"

    I cannot select it to delete it without triggering the vulnerability? OK, I use the command line and PowerShell (and prefer Linux anyway, but at work you got what you get) daily, no problem in principle, but I consider this really bad news. Not the same level as a remote exploit, but still...

    And why would that code already be executed when just selecting the file? Just.... Why?

    1. that one in the corner Silver badge

      Re: Wait...

      > And why would that code already be executed when just selecting the file?

      Because selecting a file in Windows Explorer triggers far more activity than you'd expect at first glance. Heck, given the amount of stuff you can get Explorer to display in the details list, which involve examining the file contents, I'm surprised there isn't[1] an exploitable bug that fires when you just list a directory containing a malformed file. Or in a tooltip, or just pointing at the file for too long...

      Too early in the day to try and find more details on this specific CVE, but if the leak is NTLM-related then wild guess it is triggering network traffic that can be manipulated in some way (hmm, it would be nice to have links to PoC writeups to make this clearer to understand - but then again, perhaps not until everyone has had time to update...).

      [1] ok, go on, tell me the CVEs that I've missed/forgotten...

      1. Anonymous Coward
        Anonymous Coward

        Re: Selecting a file

        will send all sorts of data back to the Mothership for further processing.

        "It looks like you have selected this file 6 times in the past year but have not opened it. Do you want help opening the file?"

        FSCK Microsoft.

        As for sorting out the patching before the turkey is done. We deserve to know which turkey

        - The Thanksgiving one (for our US Overlords to have one last celebration before all hell gets loose on the US and world economy)

        OR

        - The Christmas turkey for those of us NOT in the USA.

        If it is the latter, then the most accurate measurement should be ... [drumroll please]

        The time it takes to cook the sprouts which will soon be put on to boil.

        Asking for a friend...

        1. MJay17

          Re: Selecting a file

          My sprouts went on a low simmer on 1st September. I hate undercooked sprouts.

        2. Anonymous Coward
          Anonymous Coward

          Re: Selecting a file

          Surely you're Canadian—I can't imagine turkeys being exported to Britain...

          1. WonkoTheSane
            Headmaster

            Re: Selecting a file

            The UK raises its own turkeys.

            For reference, see the Reform Party.

          2. navarac Silver badge

            Re: Selecting a file

            >>>I can't imagine turkeys being exported to Britain...<<<

            This sort of comment just shows up the average American's knowledge of anything outside a radius of a gnat's perception.

          3. PB90210 Silver badge

            Re: Selecting a file

            You've never heard of Bernard 'Bootiful' Matthews...

        3. Doctor Syntax Silver badge

          Re: Selecting a file

          "The Christmas turkey for those of us NOT in the USA."

          And for those not interested in eating meat with all the flavour of cardboard - goose.

  2. that one in the corner Silver badge

    Do not attempt to edit this file...

    > flaw in ... Visual Studio that could be exploited ... "by loading a specially crafted file into a vulnerable desktop app,"

    Is it just me, or is that suggesting that you could be caught just by trying to use VS to look inside a file you are (rightly) suspicious of?

    If I've got a file that doesn't seem kosher (is that really a zip or something else?) I tend to look at it in my favourite "programmer's editor", expecting that to just show the contents and do nowt else exciting (well, show in various formats, like hex or highlighting keywords). This appears to suggest that, if I decided to favour VS and use it like that...

  3. Anonymous Coward
    Anonymous Coward

    And yet ..

    .. people continue to tell me that Microsoft is safe and Microsoft Defender and Sentinel is all you need to keep things buttoned up ..

    Let me guess, I assume these facilities cost extra?

    1. Ian Johnston Silver badge

      Re: And yet ..

      I just did an apt-get update && apt-get dist-upgrade. 465MB of updates. Since last Friday. Perhaps it's when OSes are fixed that they are safe?

      1. druck Silver badge

        Re: And yet ..

        That will be updates for your OS and hundreds of installed apps, all done in a matter of seconds, and no reboot.

        With Windows, update, reboot, update again, and only then you can look forward to a dozen apps nagging you to update them one after the other.

        1. fnusnu

          Re: And yet ..

          Just use winget update --all

  4. DJV Silver badge
    Thumb Down

    Unexpected addition of Copilot

    No one seems to be mentioning that there appeared to be an extra unwanted payload in this update.

    I installed it on my one remaining Windows PC (Win 10) and suddenly found a Copilot icon appearing on my taskbar. WTF? I didn't ask for that crap!

    At least there was an uninstall option in the app section of the settings abomination to get rid of it, which I promptly used.

    1. ChrisElvidge Bronze badge

      Re: Unexpected addition of Copilot

      I got that too.

    2. WonkoTheSane
      Holmes

      Re: Unexpected addition of Copilot

      Sure it's not Microsoft's usual trick of an uninstaller that only hides the icon?

      1. DJV Silver badge

        Re: Unexpected addition of Copilot

        It wouldn't surprise me!

    3. David Hicklin Silver badge

      Re: Unexpected addition of Copilot

      Just updated one of my VMs on Win 10 and yup, it's there now; uninstalled until the next update no doubt.

    4. Uncle William

      Re: Unexpected addition of Copilot

      I didn't notice when Copilot appeared but I think it was weeks ago for me. But yesterday my Pinned items in File Explorer changed to folders that I did not want pinned and my WiFi no longer connects automatically every time regardless of being told to. But eh - my Win10 Pro desktop is allowing me to post this - for the time being.

      Must remember to do a system backup before I Resume the "suspended for 7 days" updates.

  5. aidanstevens
    Black Helicopters

    Slowed my mouse down

    Updated on Windows 10 22H2 and it changed my mouse speed to the lowest setting - anyone else?
