DEV Community

Andrew Tetzeli
Andrew Tetzeli

Posted on

DevOps Fail: "Windows Update Zero-Day Being Exploited to Undo Security Fixes"

In not-good news for DevOps, Microsoft released vulnerable software as part of its Updates subsystem. The flaw allowed the rolling back of patches to -- you guessed it -- other security flaws. Security Week

We're waiting for it to reach the update-to-patch-flawed-update-to-fix-flawed-update-in-the-prior-update stage.

Stay tuned. We'll keep you posted.

From the Microsoft bulletin:

“Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015)."

Image description

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more