Patch Tuesday brings a reprise of the Autopilot debacle, now quashed, and another Win7 nag

Patch Tuesday in December rarely brings anything worthwhile — everybody’s on vacation, or wants to be on vacation — and this month’s no exception. We got patches for 36 separately identified security holes and two new advisories, full of sound and fury but covering very little.

The one “exploited” security hole — CVE-2019-1458 Win32k Elevation of Privilege Vulnerability — shouldn’t cause any heartburn. Microsoft says:

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Then Microsoft gives the hole an “Important” severity rating, a big step below the “Critical” that’s de rigeur. Short version: Although you need to patch sooner or later, you don’t need to worry about any of the security holes right now.

The return of Autopilot

Remember back in October when Microsoft mysteriously pushed out a patch for Autopilot, a little-known app that helps companies set up new machines? I wrote about it in “Microsoft pushes, then yanks, rogue kinda-security patch KB 4523786, ostensibly for Autopilot.” 

Looks like the cows are out of the barn again. Microsoft released KB 4532441 yesterday, the latest “Cumulative update for Autopilot in Windows 10, versions 1903 and 1909: December 10, 2019.” Once again, many folks saw that they were being offered the patch (although this time it apparently only went out to 1903 and 1909 Pro customers). Once again, the patch was offered repeatedly, even after it was installed properly. Once again, Microsoft yanked the patch, then updated the KB article to say:

This update was available through Windows Update. However, we have removed it because it was being offered incorrectly. When an organization registers or configures a device for Windows Autopilot deployment, the device setup automatically updates Windows Autopilot to the latest version.

Note There is no effect on Windows Autopilot being offered to Windows 10 devices. If you were offered this update and do not use Autopilot, installing this update will not affect you. Windows Autopilot update should not be offered to Windows 10 Home.

Those who cannot remember the past are condemned to repeat it.

Copyright © 2019 IDG Communications, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *