Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft WindowsMicrosoft not patching known vulnerability

xpd

xpd

Geek @ Coastguard NZ
13771 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

#307126 22-Sep-2023 10:30
Send private message

As part of a security project I'm involved in, I get reports on what vulnerabilities are on our network connected workstations etc. 

 

One of those vulnerabilities appearing is on EVERY workstation, and every single Windows machine I've touched in the past year, regardless if its business or consumer owned.

 

Now, this vulnerability (it is a minor one) is part of Windows, and NOT 3rd party related.

 

Microsoft knows about it, as they even have the registry fix for it in their knowledge base. 

 

So, why do they not add it to an update to be pushed out to everyone ? Would save people like me some time in having to eliminate it. 

 

 




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

Create new topic
michaelmurfy
meow
13273 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3130411 22-Sep-2023 10:53
Send private message

What vulnerability is this? (feel free to PM me).




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



gzt

gzt
17163 posts

Uber Geek

Lifetime subscriber

  #3130438 22-Sep-2023 12:09
Send private message

xpd: So, why do they not add it to an update to be pushed out to everyone ? Would save people like me some time in having to eliminate it.

In some cases because the update has not completed a full test cycle. In some cases because the update has completed a full test cycle and there is some readme issue that will adversely affect a significant number of customer base if applied without consideration as a side effect of increased security.

xpd

xpd

Geek @ Coastguard NZ
13771 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #3130459 22-Sep-2023 13:17
Send private message

Vulnerability in question.....

 

CVE-2013-3900 - Security Update Guide - Microsoft - WinVerifyTrust Signature Validation Vulnerability

 

 

 

I understand that maybe it will break something 3rd party, but shouldn't that vendor then fix their software anyway rather than "forcing" people to avoid patching Windows ?




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 



Ruphus
465 posts

Ultimate Geek


  #3130472 22-Sep-2023 13:53
Send private message

The information is all in the security article. The fix is pretty simple to apply but should be tested to confirm that binaries used in the environment adhere to the stricter Authenticode signature verification behavior. It's up to the software vender to implement and re-sign the binaries and no-one can force them to do that if they don't want to.

Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright