Posted on 04/27/2015 10:56:16 PM PDT by dayglored
An 'important' patch from this month's Black Tuesday causes odd problems in many applications.
It's taken more than a week for various problem reports to take on a coherent theme, but it now appears as if an elevation of privilege patch for Windows, MS 15-038/KB 3045999, causes intermittent problems with a wide array of software....
[For example, on systems with McAfee:]
Several applications fail to start after you install Microsoft Patch MS15-038 on systems with DLP [Data Loss Prevention for] Endpoint. Affected applications include, but are not limited to:
- CMD.EXE
- Explorer.EXE
- MMC-based applications
- Microsoft Office applications
- PowerShell
... it's another case of the cure being worse than the disease. KB 3045999 fixes an escalation of privilege vulnerability that only applies if the bad guys have already logged into your computer, and are able to run a program they devised. There's a reason why it's listed as important.
(Excerpt) Read more at infoworld.com ...
...You can find all the Windows Ping list threads with FR search: search on keyword "windowspinglist".
What if you don’t run McAfee?
Well, then you won't be bothered by those particular bad effects.
But check the article for the list of OTHER applications that got scrambled by this Patch. It's not just McAfee that got hit.
I am curious about what exactly is making these programs fail. Hopefully, they were not relying on the escalation of privilege vulnerability to get around coding security stuff properly :-)
This is why client-based DLP is bad. If you’re in business and care about DLP, you should have an enterprise solution that sits behind your firewall.
I am shocked... SHOCKED... to think that programmers might use such a dodge! /s
It certainly wouldn't be the first time I'd encountered it.
Or the second.
Or the hundredth... :)
And (hate to say it) ya can't trust the users to do what's right.
You need client-based DLP as well as a network level approach. We run McAfee DLP/HIPS (flash drive prevention/monitoring) on the client along with MOVE at the VM host level. Combine it with a good firewall and proxy and it’s a fairly robust setup.
This update only rolled out to our pilot testers for updates. I’m pulling it from hitting the entire enterprise. We had two tester machines go down in the last week due to explorer.exe crashing which I bet was due to this update. And we have McAfee.
Thanks. I’m still at the Dummy 101 level and do have a son who is a techie but some questions I would rather not ask him!
Which is why I don’t have McAfee.