Microsoft has released patches for 60 vulnerabilities which includes fixes for two zero-day vulnerabilities which are under active attack
Microsoft has released patches for 60 vulnerabilities which includes fixes for two zero-day vulnerabilities which are under active attack.As part of monthly patch Tuesday update Microsoft released patches for 60 flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio.In the patches released 19 were rated as critical, 39 as important, one as moderate and one rated as low severity.In this security, updates patches were released for two zero-day vulnerabilities CVE-2018-8373 and CVE-2018-8414 which are being exploited in wild.The CVE-2018-8373 is a remote code execution vulnerability exists in internet explorer version 9, 10 and 11 and impact all supported version of windows. The vulnerability could be exploited by remote attackers to take control of a vulnerable system by tricking users to view a specially crafted website through Internet Explorer.“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.” said in the advisory published by Microsoft.
You may be interested in reading: Oracle Urges Customer to Patch a critical vulnerability in Oracle Database ProductThe second zero-day flaw CVE-2018-8414 resides in the windows shell when it does not properly validate file paths.An attacker could exploit this vulnerability to run arbitrary code in the context of the current user. If the current user is logged in as administrator, the attacker could take control of the affected system.“An attacker could then install programs; view, change, or delete data; or create new accounts with elevated privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.” said in the advisory published by Microsoft.Next one is a buffer flow vulnerability (CVE-2018-8273) affecting Microsoft SQL Server 2016 and 2017. The vulnerability could be exploited by the attacker remotely to execute arbitrary code in the context of the SQL Server Database Engine service account.Patch were also released for a remote code execution vulnerability (CVE-2018-8350) existed in the Microsoft Windows PDF Library when it improperly handles objects in memory.Microsoft has also released three security advisory (ADV180018,ADV180020,ADV180021,) which includes patches for non-windows security issues.Microsoft has also released three security advisory which includes patches for non windows security issues.Users are advised to install the security update as soon as possible. For more detail, about the vulnerabilities and patches, you can visit the Microsoft security update guide here.
You may be interested in reading: Researchers Discovered Critical Flaws in Leading mPOS Devices