Skip to main content

After month-long delay, Microsoft releases Patch Tuesday update with security fixes

microsoft releases march 2017 patch tuesday security update windows10
Image used with permission by copyright holder
Microsoft’s March 2017 Patch Tuesday release was notable primarily because it covers two full months of security updates. A show-stopper bug derailed the February release, and so the company was forced to take the unusual step of delaying it for a full month.

Now that the update has been released, we can see that there was plenty to be patched. There were a number of security bugs to be fixed up, as TrendMicro’s Security Intelligence Blog reports, and also at least one small change that portends the impending release of Windows 10 Creators Update.

The update’s changelog is extensive, listing out a slew of updates to fix a number of security holes. The zero-day bug causing issues with the Server Message Block (SMB) network protocol was fixed, and that’s particularly important because it’s actually not a zero-day vulnerability at this point — everyone knew about it over a month ago and it was one of the reasons why delaying Patch Tuesday was so problematic.

Other fixes were noted as well. Another SMB bug involving the SMBv1 server was fixed, along with a Windows Graphic Device Interface (GDI) issue that Google’s Project Zero disclosed, that could allow remote hackers to grab information from a system’s heap memory. In addition to those critical, well-known bugs, a number of other security issues were resolved, including a number of Internet Explorer bugs and a full 32 bugs in Microsoft’s newer Edge browser.

If you’re not a Windows Insider, then you may not be keeping up with the progress towards a public release of the upcoming Creators Update. Microsoft wants to make sure you know it’s coming soon, and so it added a brief notice in the Update Status section of the Settings app letting you know it’s on its way.

Mark Coppock/Digital Trends
Mark Coppock/Digital Trends

Note that If you click on that “Yes, show me how” link, then you’ll be directed to a page indicating that you’ll be “one of the first to experience the Windows 10 Creators Update.” If you don’t want to be one of the first, then presumably you don’t want to click on this link. If you really want to get the Creators Update early, then of course you can join the Windows Insider program on the Fast Ring and the latest Windows 10 preview build is probably pretty close to what’s going to be publicly released.

Mark Coppock/Digital Trends
Mark Coppock/Digital Trends

You can check out the complete list of fixes in the March 2017 Patch Tuesday release at Microsoft’s Technet site. You can also download the update from Microsoft’s Update Catalog, and if you do then you’ll notice that the download utilizes the new “delta update” method that helps to keep updates smaller and more palatable for IT departments with thousands of machines to update.

It’s always a good idea to let Windows install its Patch Tuesday updates on time. This month, it’s even more important, because you’re getting sixty days of updates including some vulnerabilities that are known and in the wild.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Apple’s iOS 15.3 update fixes critical Safari security bug
iPhone showing Home Screen with widgets resting on soft white cloth background.

Apple has just released iOS 15.3, and while this latest update doesn’t add any significant new features, it addresses at least one critical security flaw. Earlier this month, software engineer Martin Bajanik of FingerprintJS found a serious vulnerability in Safari 15, the browser included in iOS 15 and iPadOS 15, that could leak browsing history information and even credentials from online services that a person is using, such as Google, YouTube, Amazon, and sites using WordPress.

As Bajanik explains, many websites use an API called IndexedDB to request that browsers like Safari and Chrome store information in a local database on a person’s device. Under normal circumstances, a given website should only be able to request information about the databases that it created — any others should be invisible to it.

Read more
Frustrated security researcher discloses Windows zero-day bug, blames Microsoft
Laptop sitting on a desk showing Windows 11's built-in Microsoft Teams experience.

There's a new zero-day issue in Windows, and this time the bug has been disclosed to the public by an angry security researcher. The vulnerability relates to users leveraging the command prompt with unauthorized system privileges to share dangerous content through the network.

According to a report from Bleeping Computer, Abdelhamid Naceri, the security researcher who disclosed this bug, is frustrated with Microsoft over payouts from the bug bounty program. Bounties have apparently been downgraded significantly over the past two years. Naceri isn't alone, either. One Twitter user reported in 2020 that zero-day vulnerabilities no longer pay $10,000 and are now valued at $1,000. Earlier this month, another Twitter user reported that bounties can be reduced at any time.

Read more
Microsoft Edge’s latest feature keeps you even more secure when browsing
Microsoft Edge browser on a computer screen.

The latest version of Microsoft Edge has a new hidden feature to keep you secure when browsing online. Known as "Super Duper Secure Mode," the feature improves the performance of websites and disables a browser engine commonly abused by hackers.

According to Microsoft, Super Duper Secure Mode works in two ways, balanced and strict. Balanced will learn what websites you use and trust them to use Just in Time Engine (JIT), which speeds up tasks in JavaScript. Strict, meanwhile, can break some websites, but will disable the Just in Time Engine for better security. Edge users can also add their own exceptions as they see fit.

Read more