JON IS SAD; as an IT bloke, Patch Tuesday is basically the one day he has to do some work and stop discussing incorrect Game of Thrones theories with his fellow server-wrangling pals.
This week, Microsoft decided to drop some 53 bug fixes for its Edge and Internet Explorer (lol) browsers, Outlook, Skype for Business, SharePoint, and PowerShell Editor Services to name few; Jon won’t be having his lunchtime beer today.
While he’d normally just tell Peter the intern to stop tweeting and do the patching for him, Jon’s scrolling through the list of bug fixes reveals that some 25 of Redmond’s patches plug holes for remote execution attacks. Give said attacks are pretty nasty, Jon lets out a world-weary sigh as he knows he’ll have to do this patching himself.
But just before he decamps from his spot behind a pseudo fort of dusty motherboards, snaking cables and tattered copies of Viz, he spies another batch of patches that have been blasted out of Intel, a bit like that iconic scene in Alien.
Rubbing his dry eyes, Jon spies a suite of advised fixes from the chipmaker, ranging from the CVE-2017-5704 fix that stops hackers with local access to a PC from yanking BIOS or AMT passwords out of the machines memory, to a rather important fix for a fresh side-channel attack that’s a variant of Spectre, the bug that just keeps on bugging.
Intel’s cavalcade of fixes also address a denial of service flaw in BMC firmware, patches an error that allows an elevation of privileges in the Converged Security Management Engine, as well as a similar privileges elevation bug in fourth-gen and later Core processors.
But tat his point Jon is about ready to throw Jemima, his much loved Lenovo ThinkPad, out of the window in disgust at the fact he actually needs to do his job today.
Then the excrement really hits the air conditioning; Jon notices Adobe has knocked out a bunch of fixes for Adobe Reader and Acrobat.
The software maker has nearly double the number of patches Microsoft released, with 104 CVE-listed vulnerabilities up for fixing. Jon would normally drag his heels here, but Adobe branded a good deal of the patches as ‘critical’ and others as important, so he needs to take action, particularly as the bugs allow for remote execution and the leaking of information.
Even the much-hated Flash Player has two flaw-fixing patches; Jon has thoroughly moved away from Flash so he’d normally not give a damn, but Morris over at accounts loves playing Flash games during his lunch hour, and sadly his computer is full of sensitive data.
Thing is, Jon really doesn’t like Morris, what with his lack of desire to “look at the pair on er'” on page 3 of The Sun, and Morris always want to extol the virtues of green tea to Jon, who’s only happy with PG Tips with five sugars in his favourite ‘professional muff diver’ mug.
Shaking himself out of his grump, Jon drags himself toward the server room, stopping only to ogle Alice on the design team. We advise other IT and system admins to do the same, by which we mean get patching rather than get embroiled in an HR issue. µ
Source : Inquirer