Microsoft's latest Patch Tuesday has passed off without incident this month. The release features a bonanza of patches following on from the February updates that had to be pulled at the last moment.
However, Microsoft still remains tight-lipped as to why last month's Patch Tuesday release was put on hold, having blamed the delay on a "last minute issue", and saying nothing more since.
The hold up is thought to be related to a Windows Server SMB zero-day exploit, which the company apparently knew about for three months, failed to fix and got released into the wild by Google's Project Zero, to Microsoft's embarrassment.
This bug has finally been fixed, with Microsoft on Tuesday releasing a mega security update haul including a bulletin that patches the Google-disclosed vulnerability in the SMB file-sharing protocol.
"The vulnerability is due to improper handling of certain requests sent by a malicious SMB server to the client," Microsoft said in the advisory. "An attacker who successfully exploited this vulnerability could cause the affected system to stop responding until it is manually restarted."
There are 18 security bulletins in total, nine of which were rated critical. These all target vulnerabilities which could enable remote code execution (RCE) by an attacker, and should be patched as a matter of priority.
MS17-006 and MS17-007 address critical vulnerabilities in Windows, Internet Explorer and Microsoft Edge, that enabled remote attackers to gain user privileges on a machine through fooling a user into viewing a maliciously-crafted website.
MS17-008 plugs a security hole in Hyper-V that enabled a full code-execution exploit if a user or a guest operating system deployed specially created code
Another patch, MS17-013, targets the Microsoft Graphics Component. This enabled remote code execution across Windows, Office, Skype for Business, Lync and Silverlight, again through the use of a dodgy website.
Other patches target malicious PDFs, a bug in Microsoft Server Message Block 1.0 (SMBv1) and, of course, Adobe Flash.
Mark Vartanyan was working for Norwegian e-healthcare firm Dignio when he was arrested
Samsung can't see a way to profitably compete against Amazon and Google
Fix being rushed out - but not quite as quickly as an ambulance to an emergency
Massive miner Rio Tinto claims 20 per cent of pit-to-port train kilometres in Australia are now driverless
Rio Tinto today, TfL tomorrow?