Patching in Review – Week 52
It’s the last week of the year, everyone, and while there aren’t any major security releases to get out over the holidays, here are some of the more notable articles for the week.
A new Google Chrome exploit is sweeping the web, one that lets websites force a system’s disk usage to 100%. Fossbytes details a tech support scam website that will falsely warn a user that their system is infected. Fortunately, this can be remediated by simply ending the Chrome task, and hopefully we can expect a Google Chrome update to fix this soon.
Our favorite security researcher, SandboxEscaper, has released her fourth proof of concept for the year and the second for the month on a Microsoft Windows zero-day vulnerability. BleepingComputer details the PoC where pci.sys gets overwritten, which ultimately bricks the operating system. This exploit appears to be hard to reproduce, but security researchers have confirmed the vulnerability. Following Microsoft’s response to the two previous vulnerabilities, we should expect a patch on the upcoming Patch Tuesday.
Third-Party Updates
Although there were no security releases for the week, we did have the usual list of non-security releases. These might not have any CVEs assigned to them, but they might contain important performance and stability improvements:
Software Title | Ivanti ID | Ivanti KB
GoodSync 10.9.21.6 | GOODSYNC-107 | QGS109216
Opera 57.0.3098.110 | OPERA-196 | QOP5703098110
Microsoft Power BI Desktop 2.65.5313.841 | PBID-047 | QBI2655313841
Notepad++ 7.6.2 | NPPP-087 | QNPPP762
KeePass Classic 1.37 | KEEP-029 | QKPC137
7-Zip 18.06 | 7ZIP-012 | Q7ZIP1806