DEV Community

Andrew Tetzeli
Andrew Tetzeli

Posted on

DevOps Fail: "Windows Update Zero-Day Being Exploited to Undo Security Fixes"

In not-good news for DevOps, Microsoft released vulnerable software as part of its Updates subsystem. The flaw allowed the rolling back of patches to -- you guessed it -- other security flaws. Security Week

We're waiting for it to reach the update-to-patch-flawed-update-to-fix-flawed-update-in-the-prior-update stage.

Stay tuned. We'll keep you posted.

From the Microsoft bulletin:

β€œMicrosoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015)."

Image description

Top comments (0)