Microsoft’s March 2017 Patch Tuesday release was notable primarily because it covers two full months of security updates. A show-stopper bug derailed the February release, and so the company was forced to take the unusual step of delaying it for a full month.
Now that the update has been released, we can see that there was plenty to be patched. There were a number of security bugs to be fixed up, as TrendMicro’s Security Intelligence Blog reports, and also at least one small change that portends the impending release of Windows 10 Creators Update.
The update’s changelog is extensive, listing out a slew of updates to fix a number of security holes. The zero-day bug causing issues with the Server Message Block (SMB) network protocol was fixed, and that’s particularly important because it’s actually not a zero-day vulnerability at this point — everyone knew about it over a month ago and it was one of the reasons why delaying Patch Tuesday was so problematic.
Other fixes were noted as well. Another SMB bug involving the SMBv1 server was fixed, along with a Windows Graphic Device Interface (GDI) issue that Google’s Project Zero disclosed, that could allow remote hackers to grab information from a system’s heap memory. In addition to those critical, well-known bugs, a number of other security issues were resolved, including a number of Internet Explorer bugs and a full 32 bugs in Microsoft’s newer Edge browser.
If you’re not a Windows Insider, then you may not be keeping up with the progress towards a public release of the upcoming Creators Update. Microsoft wants to make sure you know it’s coming soon, and so it added a brief notice in the Update Status section of the Settings app letting you know it’s on its way.
Note that If you click on that “Yes, show me how” link, then you’ll be directed to a page indicating that you’ll be “one of the first to experience the Windows 10 Creators Update.” If you don’t want to be one of the first, then presumably you don’t want to click on this link. If you really want to get the Creators Update early, then of course you can join the Windows Insider program on the Fast Ring and the latest Windows 10 preview build is probably pretty close to what’s going to be publicly released.
You can check out the complete list of fixes in the March 2017 Patch Tuesday release at Microsoft’s Technet site. You can also download the update from Microsoft’s Update Catalog, and if you do then you’ll notice that the download utilizes the new “delta update” method that helps to keep updates smaller and more palatable for IT departments with thousands of machines to update.
It’s always a good idea to let Windows install its Patch Tuesday updates on time. This month, it’s even more important, because you’re getting sixty days of updates including some vulnerabilities that are known and in the wild.