News

Microsoft Pushes Non-Security Security Update

What do you want first, the bad news or the good? Let's start with the bad: Microsoft Corp. last night released a new security advisory, the second this week. The good news is that it doesn't actually deal with a known exploit, worm, or virus. In other words, it doesn't technically deal with security at all.

Instead, last night's advisory concerns the release of a new fix for the Windows Installer (MSI). In spite of its non-security status, Microsoft says the MSI patch is a "high priority" security update because it fixes a memory leak that can cause resource utilization levels to spike when users scan their systems using either Windows Update or Microsoft Update. The bug is the cause of several known issues, according to Microsoft. In some cases, Windows becomes unresponsive and CPU usage for the svchost process spikes to 100 percent. In other cases, users might receive an access violation error in svchost.exe. (This usually causes the Windows Server and Workstation services to stop.) In still other cases, Windows Update or Microsoft Update take hours to complete.

Call it self-imposed denial-of-service (DoS), of a sort.

"This update applies to currently supported versions of Windows except Windows Vista," writes researcher Christopher Budd on the Microsoft Security Response Center (MSRC) blog. Although Microsoft plans to push the fix via Windows Update and Microsoft Update, it doesn't expect any Catch-22-worthy irony. "I want to note that this update will install correctly even if you're experiencing this issue. However, the issue may prevent you from installing other updates (including security updates) until you apply this new update, so we encourage customers to apply this right away," Budd explains.

Nor does Microsoft see any irony in its having released a security advisory that deals with a non-security update. "Security advisories address security changes that may not require a security bulletin but may still affect customers' overall security," the advisory reads. "In this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.