قالب وردپرس درنا توس
Home / Technology / Patch Tuesday, October 2018 Edition — Krebs on Security

Patch Tuesday, October 2018 Edition — Krebs on Security



Microsoft this week has released software updates to solve about 50 security issues with various versions of its operating system Windows and related software, including an already exploited defect and another for which code exploit is publicly available.

The zero-day bug – CVE-2018-8453 – covers the versions of Windows 7, 8.1, 10 and Server 2008, 2012, 2016 and 2019. According to the security company Ivanti a l & # 39; attacker must first log into the operating system, but can exploit this vulnerability to gain administrator privileges.

Another vulnerability applied last Tuesday ̵

1; CVE-2018-8423 – was publicly disclosed last month along with the sample exploit code. This defect involves a component deployed on all Windows machines and used by many programs and could be exploited by allowing a user to open a specially crafted file, such as a document Microsoft Office with an explosive trap.

KrebsOnSecurity frequently suggested that Windows users wait a day or two after Microsoft has released monthly security updates before installing fixes, with the rationale that occasional patches can cause severe discomfort to users installing them before all the nodes are resolved.

This month, Microsoft briefly suspended updates for Windows 10 users after many users reported losing all files in the "My Documents" folder. The worst part? Rollback of previous saved versions of Windows before the update did not restore the files.

It seems that Microsoft has solved the problem, but this type of incident shows the value not only of waiting a day or two to install updates, but also to manually back up data first to install the patches (that is, simply to rely on Microsoft's System Restore feature to save the day if things go haywire).

Fortunately, Adobe saved us an update this month for its software Flash Player even though it sent a non-security update to Flash.

For more information on this month's Patch Patch, check out the Ivanti and Qualys posts.

As always, if you encounter problems during the installation of one of these patches this month, do not hesitate to leave a comment about it; there are good chances that other readers have experienced the same and might even add some useful suggestions here. My apologies for the delay of this post; I traveled to Australia last week with only sporadic access to the Internet.



Tags: CVE-2018-8423, CVE-2018-8453, Ivanti, Microsoft Patch Tuesday October 2018

You can skip to the end and leave a comment. Pinging is not currently allowed.


Source link