Windows 10: Microsoft addresses 17 critical vulnerabilities in Tuesday’s Patch update

Microsoft as part of its Patch Tuesday cycle released new security updates for all its supported versions of Windows. The security updates are part of the July 2018 Patch Tuesday cycle.

The Redmond Giant has fixed 54 vulnerabilities with the latest Patch Tuesday update. There are 17 such vulnerabilities which the Redmond Giant has termed as critical.

The 17 vulnerabilities which Microsoft has fixed are pertaining to the company’s browser Internet Explorer and Microsoft Edge. Microsoft requests users to install the 17 critical updates to stay away and protected from any vulnerability since they effect the browsers of all supported versions of Windows.

Microsoft states: “A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted.

Microsoft confirms that the security flaw found in Internet Explorer makes it easy for an attacker to exploit the vulnerability and force the browser to load restricted data. This security flaw hasn’t been disclosed publicly and hence the company would like the users to download the security updates at the earliest.

The same vulnerability is also effecting Microsoft Edge browser on systems which have downloaded the Windows 10 April 2018 update. The vulnerability allows the attacker to take full control of the PC and steal important data from the effected PC.

“In all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker’s site,” Microsoft says.

The Microsoft Edge browser vulnerability has been discovered only for users who have downloaded Windows 10 April 2018 update and doesn’t exist for Microsoft Edge browser on older versions of Windows 10.

To download the latest Patch Tuesday update, you would need to go to Windows Update section and need to reboot the device to complete the deployment of the fixes.

The post Microsoft addresses 17 critical vulnerabilities in Tuesday’s Patch update appeared first on Windows Latest

Weiterlesen...

 

Microsoft's infamous 'Patch Tuesday' addresses seven flaws

Yesterday, Microsoft patched seven problems with Windows XP SP2. The three updates that were marked "critical"-

• An update to Windows Internet Explorer 7
• Windows Media Player patch
• Visual Studio 2005 fix

The last four updates marked "important" fix flaws in Outlook Express, the SNMP network management protocol, fix privelage problems, and patch a problem with remote installation services. You can read a full rundown of December's Patch Tuesday here. A recent flaw discovered in Microsoft Word remains unpatched.

Source: The Register

 

Microsoft passes 130 security fixes for 2015 with final Patch Tuesday


Microsoft passes 130 security fixes for 2015 with final Patch Tuesday update
by Dan Worth

09 Dec 2015

Microsoft issues final 2015 Patch Tuesday update

Microsoft has issued its final Patch Tuesday update of 2015, taking the total number of security fixes for the year to 135. This is well in excess of the 85 issued in 2014.

The December update contained 12 fixes, eight of which are rated critical while the other four are rated as important.

The critical fixes relate to key Microsoft products including Internet Explorer, its new Edge browser, the Silverlight video player and issues within Windows, as well as Skype for Business and Lync. The four important fixes all relate to Windows.

The MS15-124 fix for Internet Explorer is a cumulative update for the browser, fixing several issues. Microsoft said the most severe of these could allow remote code execution if a user visits a specifically crafted web page in IE. The Edge update fixes the same problem.

“An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user,” explains Microsoft in its notes.

Meanwhile, the MS15-128 fix covers similar issues in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync and Silverlight.

“The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a web page that contains specially crafted embedded fonts," Microsoft's notes explain.

One other notable fix is MS15-135, which, while only rated as important, is the issue that Qualys CTO Wolfgang Kandek said businesses should focus on first, as it addresses a zero-day vulnerability within the Windows kernel.

“There is no further information about how widely spread the vulnerability and its exploit are, but it is worth a top spot in our priority list," he said.

Another fix Kandek said IT admins should focus on is MS15-131, which covers an issue within Microsoft Office and is rated as critical.

"CVE-2015-6172 is a critical vulnerability in Outlook that is triggered by a maliciously formatted email message," he said.

"There is no reasonable workaround: Microsoft suggests turning off the preview pane - the digital equivalent of 'Just don’t do it', so patch this vulnerability as soon as possible."

Kandek also said that while part of the increase in vulnerabilities found and fixed in 2015 can be attributed to the release of new products, such as Windows 10 and its Edge browser, the focus on finding security issues is also growing.

“The majority of the increase is due to new parts of the Windows ecosystem that are being investigated for the first time, a tendency that shows how much more important computer security has become over the years," he said.

Patch Tuesday

Microsoft passes 130 security fixes for 2015 with final Patch Tuesday update - IT News from V3.co.uk

 

Microsoft Releasing Eight Patches Next Week

November's Patch Tuesday is coming up and it will see Microsoft deliver eight fresh software updates - three rated 'Critical' and five rated 'Important'. These patches will address vulnerabilities found in Windows, Office and Internet Explorer. The updates are set to be released this Tuesday, November 12, at about 10:00 a.m. PST.

For a bit more info on the patches check out the Advance Notification found here.