Get the January 2020 Patch Tuesday patches installed

This month has seen a whole lotta hand waving and sky-is-falling-caliber rhetoric, but the reality is much more prosaic. If you aren’t running a major network (and thus aren’t susceptible to the imminent problems with Remote Desktop Gateway, the Citrix network bugs or the whopping 334 patches in Oracle), there’s been little reason to install this month’s updates. 

Still, work on cracking the CurveBall CVE-2020-0601 security hole continues at a furious pace. Some security companies are using CurveBall to sell more product, but the free Microsoft Defender catches at least some afflicted programs; Firefox, Chrome and Edge won’t fall for it; and pre-Win10 versions of Windows (Seven Semper Fi!) have never been exposed.

With several working proof-of-concept routines readily available — but no attacks, and indeed no sign that a general attack is imminent — patching for CurveBall falls in the “abundance of caution” bucket. Since we’ve seen few weird problems with the January patches, now seems like a good time to get patched up.

As usual, Patch Lady Susan Bradley has a detailed analysis in her Patch Watch column with a full patch-by-patch reckoning in her Master Patch List (paywall; donation requested).

Here’s how to get your system updated the (relatively) safe way.

Make a full backup

Make a full system image backup before you install the latest patches.

Copyright © 2020 IDG Communications, Inc.


Leave a Reply

Your email address will not be published.