The February Patch Tuesday issued by Microsoft again caused problems that rendered some PCs unbootable, which prompted the pullout of KB4524244 that was supposed to fix a security issue found in the Kaspersky Rescue Disk. However, the antivirus firm was quick to clarify the problematic update was not its making.
The antivirus maker maintained the security vulnerability that Microsoft has associated with the Windows 10 update was fixed in August 2019 or months after the problem was publicly acknowledged. The position by Kaspersky was clear - Microsoft released a solution to a problem that was already addressed, and it caused complications for some users.
The antivirus firm said it must not be blamed for the actions taken by Microsoft. For one, the company claimed that the patch was deployed by the Windows maker with no notice sent to Kaspersky.
"Microsoft has not reached out to Kaspersky concerning the update issue. After detailed internal analysis, our experts concluded that Kaspersky products have not been a cause of this issue," TechRadar reported Kaspersky's blog post on the issue as saying.
The same report, however, noted that Kaspersky could not wash its hands completely on the matter since the problem was caused by the company's Rescue Disk that turned out to be problematic. The only saving grace by the firm is that the issue was fixed, and the complications surfaced due to Microsoft's unilateral actions.
It can be said though that the release of KB4524244 was carried out in good faith. The motive by Microsoft was to make sure the identified vulnerability will not be used for potential attacks using the Kaspersky Rescue Disk as an entry point.
As the software giant explained, per WCCFTech, KB4524244 was released "to prevent attacks against Secure Boot using doctored previous versions of Kaspersky Rescue Disk."
Microsoft further stated: "KB4524244 addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager could expose UEFI-enabled computers to a security vulnerability."
While Kaspersky did not deny that indeed a vulnerability existed prior to its own patch and that of Microsoft's, the antivirus maker said actual attack making use of the exploit is only possible through physical access of a targeted system.
In any case, Microsoft and Kaspersky are both saying that left unpatched, the security exploit could certainly lead to possible breaches, so installing the replacement update that will be released soon is highly recommended.
As stressed by Kaspersky on its blog: "You will need to install the modified update once it is released by Microsoft."
It remains unknown when the correction from Microsoft will come out, but as pointed by the report from WCCFTech, "those who aren't experiencing any problems aren't required to remove the update," but it would be wise to get the new patch as soon as it becomes available.
