Microsoft's monthly security updates - also known as Patch Tuesdays - have been released with fixes to 62 security vulnerabilities. Among them there is (finally) its repair 0day released via Twitter last month.
The security updates released this month cover many Microsoft products: Windows, Microsoft Edge, Internet Explorer, ASP.NET, .NET Framework, ChakraCore Edge, Adobe Flash Player, Microsoft.Data.OData, Microsoft Office, various Microsoft services Office and Web applications.
Of all the 62 repairs, the most important is the CVE-2018-8440. The security loophole allows malware or an attacker that already exists on a system to gain access to the system level by exploiting a flaw in the Windows Local Task Scheduler Advanced Local Call Call (ALPC) function.
Details of this vulnerability were published in late August at Twitter και χρησιμοποιήθηκε σχεδόν άμεσα σε μια ενεργή καμπάνια διανομής κακόβουλου software by a criminal group known as PowerPool.
As for the other serious vulnerabilities that are being fixed but not yet used in attacks, according to Microsoft. The three are:
CVE-2018-8409 – System.IO.Pipelines Denial of Service
CVE-2018-8457 - Vulnerability to erase the memory of the Scripting Engine
CVE-2018-8475 - A theme for remote code execution in Windows
Of these three, the first is described as "Important", while the second and third as "Critical." Of the 62 vulnerabilities that are being fixed this month, 17 are classified as "Critical".
In addition to the flaws in its products, Microsoft has also released fixes for the big patient Adobe Flash Player.
Flash Player updates (ADV180023), are also included in the Patch Tuesday of September 2018. This month, Adobe was released a repair for a single security flaw in Flash Player, (CVE-2018-15967).
_________________________
- Cloud: Google Drive, Dropbox, or OneDrive. What's the best?
- Apple: The future of the company looking at Siri's coffee
- Google: our company is also watching offline
- Facebook: best to apologize for permission
