17 "critical" vulnerabilities reported in Microsoft software



In its security report released in September 2018, Microsoft stated that a total of 61 new vulnerabilities had been discovered in its own software and that it had released patches for them. Microsoft also reports that 17 of the discovered vulnerabilities were rated "critical".

September 2018 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/498f2484-a096-e811-a978-000d3a33c573

Microsoft Issues Software Updates for 17 Critical Vulnerabilities
https://thehackernews.com/2018/09/microsoft-software-updates.html

The newly patched software is said to include Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft.Data.OData, and ASP.NET.



Also, among the vulnerabilities that Microsoft patched, the following four are said to be "publicly known", and it is highly likely that they will be exploited by hackers.

◆ 1: Windows critical RCE vulnerability
One of the disclosed vulnerabilities is a remote code execution vulnerability affecting all Windows versions, including Windows 10. The problem lies in how Windows handles image files: hackers can deliver malicious code by sending a specially crafted image to the target and having it displayed on Windows.

◆ 2: Windows Task Scheduler vulnerability
The vulnerability in the Advanced Local Procedure Call (ALPC) interface of Windows Task Scheduler reportedly allows a local attacker to gain administrator rights on the target machine and execute malicious code. Microsoft is urging caution because cases of this technique being exploited have already been confirmed.

◆ 3: Script engine memory corruption vulnerability
In some of the disclosed vulnerabilities, the Windows scripting engine does not properly handle memory in Microsoft browsers. This reportedly allows hackers to execute code remotely without permission if the user is logged in with administrator privileges, and affects Microsoft Edge, Internet Explorer 11, Internet Explorer 10, and so on.

◆ 4: Windows Hyper-V remote code execution vulnerability
Windows Hyper-V is a product that runs virtual machines on a Windows server, and a remote code execution vulnerability has been confirmed in it. Exploiting this vulnerability means that a malicious user can run a malicious application on a virtual machine and ultimately execute code on the OS of the host server as well.

Several of the vulnerabilities are already being exploited by hackers, and Microsoft recommends installing the security updates as soon as possible.



in Software, Security. Posted by log1h_ik