Jump to content

Microsoft Releases Updates for 12 Critical Windows Vulnerabilities


nir

Recommended Posts

This month’s Patch Tuesday resolved 62 security flaws

The November 2018 Patch Tuesday rollout includes patches for no less than 62 vulnerabilities and no less than 12 of them are rated as Critical.

This means IT admins should prioritize the deployment of patches resolving these flaws, and one of the highlights is a public disclosure vulnerability in Windows 10.

Detailed in CVE-2018-8566, the issue also exists in Windows Server 2016 and Windows Server 2019, and it’s a Security Feature Bypass in BitLocker that would allow an attacker to access information which would otherwise be encrypted.

“To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot. The security update fixes the vulnerability by ensuring Windows resumes BitLocker Device Encryption,” Microsoft explains, adding that although the flaw has been publicly disclosed, it’s not aware of any exploits out there in the wild.

Windows 7 zero-day

Windows 7, Windows Server 2008, and Windows Server 2008 R2 have a zero-day vulnerability of their own detailed in CVE-2018-8589.

This time, it’s an Elevation of Privilege bug in Win32k.sys which would allow cybercriminals to run arbitrary code on the system and then gain rights to install programs or create new accounts with administrator rights.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system,” the software giant says.

This time, Microsoft says that the bug is already being exploited and recommends patching as soon as possible.

Needless to say, there are also security updates for Microsoft’s browsers – Microsoft Edge and Internet Explorer – and critical vulnerabilities are fixed here too.

Windows 10 users can patch systems by downloading cumulative updates, while the security fixes for Windows 7 and Windows 8.1 are part of the monthly rollups.

Source

Link to comment
Share on other sites


  • Views 243
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...