Its monthly security updates Microsoft - γνωστές και σαν Patch Tuesday - κυκλοφόρησαν με διορθώσεις σε 62 κενά ασφαλείας. Ανάμεσα σε αυτά υπάρχει (επιτέλους) και η επιδιόρθωση του 0day released via Twitter last month.
The security updates released for this month affect many Microsoft products: Windows, Microsoft Edge, Internet Explorer, ASP.NET, .NET Framework, ChakraCore Edge, Adobe Flash Player, Microsoft.Data.OData, Microsoft Office various Microsoft Office services and Web applications.
Of all the 62 repairs, the most important is the CVE-2018-8440. The security loophole allows malware or an attacker that already exists on a system to gain access to the system level by exploiting a flaw in the Windows Local Task Scheduler Advanced Local Call Call (ALPC) function.
Details of the vulnerability were posted on Twitter in late August and used almost immediately in an active malware distribution campaign by a criminal group known as PowerPool.
As for the other serious vulnerabilities that are being fixed but not yet used in attacks, according to Microsoft. The three are:
CVE-2018-8409 - System.IO.Pipelines Denial of Service
CVE-2018-8457 - Ευπάθεια deletionof Scripting Engine memory
CVE-2018-8475 - An issue for remote code execution on Windows
Of these three, the first is rated as "Important," while the second and third are rated as "Critical." Out of all 62 vulnerabilities patched this month, 17 are marked as "Critical".
In addition to the flaws in its products, Microsoft has also released fixes for the big patient Adobe Flash Player.
Flash Player updates (ADV180023), are also included in the Patch Tuesday of September 2018. This month, Adobe was released a repair for a single security flaw in Flash Player, (CVE-2018-15967).
_________________________
- Cloud: Google Drive, Dropbox, or OneDrive. What's the best?
- Apple: The future of the company looking at Siri's coffee
- Google: our company is also watching offline
- Facebook: best to apologize for permission