May 2019 Patch Tuesday forecast: Latest OS updates impact performance

Let’s start off the May forecast with a look back at April. For customers running specific endpoint security products, there were some issues with applying April OS updates. We have found articles and heard reports of systems being impacted from a performance perspective and in some cases system hangs occurred after applying the April updates.

Here is a recap of where things are with those issues:

  • Sophos released a fix on April 25 that rolled out over the next couple weeks (so wrapping up right about now) that provided a permanent fix. To verify if your systems have the fix in place you can follow these steps.
  • McAfee created an article responding to slow boot up\slow performance issues after the April updates are applied. It walks through several features and how they are configured to determine the potential origin of the performance issues. Other than verification their resolution is to call support.
  • Avira was very quick to respond with a fix. On April 11 they released an article that described the OSs and specific updates that caused the issue. Their fix was automatically updated in their product so if you are on Avira you should now be good to go.
  • Avast: As of April 22 they have updated this article to show what versions of Avast are updated and provide steps to ensure the Avast updates are applied to resolve the issue.

Last month security researchers had disclosed a vulnerability in the v8 JavaScript engine. The disclosure happened in early April, but due to vendors needing to test and validate the changes, the actual fix did not make it into Chrome until late April. The good news is, the issue has now been resolved.

A new vulnerability has been disclosed regarding how Internet Explorer processes MHT files. This is a legacy format for how the IE browser saves web pages when a user hits the CTRL+S command. While modern browsers have moved away from this format, they still have backward compatibility to open MHT files. This format has a flaw which can allow an attacker to potentially exfiltrate local files and conduct remote reconnaissance on locally installed product versions. From this information it would be easy for an attacker to determine what additional exploits they could run against the system to gain further access.

Microsoft was notified of the issue but responded with a consideration for a fix in a future version (likely by removing support for MHT files) and closed the case. So, this one will loom out in the world apparently. You should investigate alternative means of blocking MHT files if you want to mitigate the issue.

Expectations for this week:

  • Adobe has pre-announced an update for Abode Acrobat and Reader for next week. So expect that and Flash Player of course.
  • Expect the usual lineup from Microsoft. Windows, Office and Sharepoint are a certainty. Exchange and .NET have been pretty regular in the past eight months. One or both are a real possibility next week.
  • Mozilla Firefox 67 is scheduled for 5/21 so watch for that later in the month.
  • Google Chrome released multiple updates recently so we’re not likely expecting anything from them until later in the month.

Don't miss