Patch Tuesday June 2020: patches to the Nth degree for your small business this month.
Nvidia
Got an Nvidia graphics card in your desktop or laptop? Nvidia graphics cards are popular with gamers, graphic designers and other creatives. Nvidia just released patches that fix 12 different security problems with their drivers.
Sometime you will get a notification in your task tray that Nvidia needs an update. To be sure, follow this article to check if you have an Nvidia card.
Netgear
Netgear makes networking equipment aimed at the small business market. In January they were informed of security problems with almost all of their products by Trend Micro. Netgear has chosen to release patches this week for only two models, R6400 v.2 and R6700 v.3. Netgear has chosen not to patch 77 models that are also vulnerable.
This vulnerability and the code needed to exploit it have been out on the internet for months. Trend Micro is a respected antivirus and security company not some nutbar in living in their parent’s basement.
If you have Netgear products in your business and/or home network, I recommend you replace them with another brand as soon as possible. It’s clear that Netgear doesn’t give a hoot about their customers.
Ntel
I know I’m cheating on this N, iNtel. Microsoft released KB4497165 which fixes security problems with Intel processors. The patch, while dated 2020-01 didn’t show up until the end of May. Microsoft also didn’t describe very well what this patch does or the problems installing it.
First off this patch caused boot problems with some Windows 10 computers after installing it (problems with the patch may be why it was delayed from January). Calls from clients about boot problems was what first alerted me to this one. The fact that it showed up out of band (i.e. not when Microsoft normally releases patches, 2nd Tuesday of the month) makes me think that either someone has been exploiting these security problems or the patch was required before computer could install the latest major update to Windows 10.
After the patch, your computer will be slower. This is because Intel artificially increased the speed of their processors by skimping out on security. The patch stops the CPU from taking security shortcuts for speed. Intel hasn’t fixed this design problem with their current processors and it won’t be fixed on new processors until 2021 or 2022. At last count Intel is facing 32 lawsuits over the Spectre and Meltdown security flaws discovered in 2017. This patch has been released after patches for Spectre and Meltdown so, you guessed it, people have found more problems with Intel CPUs and security since 2018 when Spectre and Meltdown were discovered.
CPU security problems affect any device with that CPU in it, be it Windows 10, iPhone, OS X, Linux, etc.
Nnnn…More Microsoft Mayhem
Microsoft released patches for 129 bugs on Patch Tuesday. There followed Wailing Wednesday as the updates borked a lot of big name printers like HP, Ricoh, Canon, Epson on Windows 10 computers connect to printers via USB cable (you know, all those folks working from home). Microsoft has since released new patches that fix the printing borking patches.
I always wait a few days after Patch Tuesday to install the updates so I can avoid a Wailing Wednesday.
Hot Flash
Just in case you haven’t gotten rid of Adobe Flash on your computer, Adobe released a patch this month for Flash. Adobe also released patches for Illustrator, Premiere products and Audition. List of updates here.
Apple Bytes
Apple released updates for all their products June 1st.
The big Apple news was the announcement at WWDC of the new iOS, iPadOS and computer operating systems. And that Apple has decided to stop using Intel chips in their new products (gee, I wonder why). Here’s a roundup of all the announcements. Here’s where you can find out if your Apple devices can run the new software.
Be sure to schedule time to patch all your devices every month. An ounce of patching is cheaper than a pound of hacking.