Microsoft's monthly security updates - also known as Patch Tuesdays - have been released with fixes to 62 security vulnerabilities. Among them there is (finally) its repair 0day released via Twitter last month.
Οι ενημερώσεις ασφαλείας που κυκλοφόρησαν για αυτό το μήνα αφορούν πάρα πολλά προϊόντα της Microsoft: Windows, Microsoft Edge, Internet Explorer, ASP.NET, .NET Framework, ChakraCore Edge, Adobe Flash Player, Microsoft.Data.OData, Microsoft Office διάφορες υπηρεσίες Microsoft Office και Web applications.
Of all the 62 repairs, the most important is the CVE-2018-8440. The security loophole allows malware or an attacker that already exists on a system to gain access to the system level by exploiting a flaw in the Windows Local Task Scheduler Advanced Local Call Call (ALPC) function.
Details of the vulnerability were posted on Twitter in late August and used almost immediately in an active malware distribution campaign by a criminal group known as PowerPool.
As for the other serious vulnerabilities that are being fixed but not yet used in attacks, according to Microsoft. The three are:
CVE-2018-8409 - System.IO.Pipelines Denial of Service
CVE-2018-8457 – Vulnerability to erasing its memory Scripting Engine
CVE-2018-8475 - A theme for remote code execution in Windows
Of these three, the first is described as "Important", while the second and third as "Critical." Of the 62 vulnerabilities that are being fixed this month, 17 are classified as "Critical".
In addition to the flaws in its products, Microsoft has also released fixes for the big patient Adobe Flash Player.
Flash Player updates (ADV180023), are also included in the Patch Tuesday of September 2018. This month, Adobe was released a repair for a single security flaw in Flash Player, (CVE-2018-15967).
_________________________
- Cloud: Google Drive, Dropbox, or OneDrive. What's the best?
- Apple: The future of the company looking at Siri's coffee
- Google: our company is also watching offline
- Facebook: best to apologize for permission