Patch Tuesday May 2019: all the security update news you need for your small business this month. Patch Tuesday is the 2nd Tuesday of the month when most software companies release their updates.
Sophos versus Microsoft
The Sophos antivirus company asked their users to uninstall a critical Windows patch. Apparently their antivirus software causes Windows computers to hang after rebooting with the critical patch installed.
Microsoft deemed the Remote Desktop vulnerability so critical it took the unusual step of releasing patches for Windows XP and Server 2008. Microsoft hasn’t patched those systems in many years as they are no longer supported.
So do you trust your antivirus company more than Microsoft? Should you get a new antivirus product that plays better with Microsoft? In the last two years almost all of the major antivirus products have had conflicts with Windows updates. This is despite Microsoft giving software companies a chance to test their patches before releasing them.
For this particular problem there are two possible solutions. If you’re not running Remote Desktop services on your computers, you can roll back that patch until Sophos fixes the problem. If you are using Remote Desktop services, you could uninstall Sophos and rely upon the built in antivirus program (Windows Defender) until Sophos fixes the problem.
This is terrible choice for businesses to make. I blame both Microsoft and the antivirus companies for not testing their products properly before releasing them.
Other Microsoft Mayhem
Microsoft patched 79 vulnerabilities including fixes for 22 critical problems. Several of the vulnerabilities are already being used by hackers to attack Windows computers and the Edge browser.
It costs Microsoft a lot of money to patch old systems like Windows XP and Server 2003. That they did so is a strong indicator that this patch needs to be installed as soon as possible. More details here.
Adobe Hot Flash
Adobe released patches for Flash, Acrobat and Acrobat Reader last week.
Adobe also announced that anyone using older versions of their products, such as earlier versions of Creative Cloud Suite, might be sued for copyright infringement by a 3rd party. No, really. I’m not sure if this is legal in Canada let alone in the United States where Adobe is located. Just part of a growing trend where software companies are getting very aggressive about making users upgrade.
It’s been awhile since we’ve had a good Java Jive update. Oracle released that update April 16th. Java will no longer be supported past next year. I recommend you uninstall Java rather than patch it.
Apple released updates for all their products on May 13th. Most important are the security updates for Mac OS Mojave, High Sierra and Sierra. More details on Apple security updates can be be found here.
Patch Tuesday May 2019
An ounce of patching is cheaper than a pound of hacking. Make sure you have a good backup before you get patching.