It’s time to upgrade your systems and software. Just days ago, Microsoft released the latest Patch Tuesday monthly release for September 2018, eliminating 61 security vulnerabilities, 17 of which were critical vulnerabilities, 43 critical and one middle level. Updates to this month’s vulnerabilities in Microsoft Windows include Edge, Internet Explorer, MS Office, ChakraCore, .NET Framework, Microsoft.Data.OData, ASP.NET. Four of the security vulnerabilities that were patched by this technology giant this year are listed as “known,” and are likely to be abused when rendered ruthlessly.
CVE-2018-8475: RCE Critical Vulnerability in Windows
One of the four widely-disclosed vulnerabilities is a major flaw in remote code execution ( CVE-2018-8475 ) in Microsoft Windows and affects all versions of the Windows operating system including Windows 10. The Windows RCE vulnerability is that Windows specifically manipulates image files. To execute a malicious code in a target system, all that a remote attacker needs to do is just convince a victim to view an image. Depending on the severity and ease of extraction, you can expect to target Windows users in the coming days.
CVE-2018-8440: License vulnerability has increased in Windows ALPC.
The latest patch update focuses on the zero-day vulnerability in the Advanced Call Request (ALPC) on Windows, which was released last week on Twitter. If exploited, a fault ( CVE-2018-8440 ) can allow a local attacker or malicious program to obtain and execute code with privileges from the management system on target machines. According to Microsoft, this defect is seriously exploited and requires immediate attention. Proof of proof (PoC) is available
for this defect in Windows Github.
CVE-2018-8457: Script Engine Engine Corruption Vulnerability
Another commonly discovered defect is a code execution vulnerability ( CVE-2018-8457 ) that exists in the script engine, allowing a script engine to correctly handle objects in memory in Microsoft’s browsers, allowing one The invalid striker runs the desired remote code in a targeted system for the currently logged-in user. Microsoft explains: “If the current user logs in with administrative privileges, an attacker who successfully exploits the vulnerability can take control of a vulnerable system. “An attacker can install programs, view, modify, or delete data, or create new accounts with full user privileges.” The vulnerability affects Microsoft Edge, Internet Explorer 11, and Internet Explorer 10. Lays.
Two remote implementation vulnerabilities for Windows Hyper-V code
This month’s patch update, which includes patches for two critical remote control vulnerabilities in Windows Hyper-V, is a native hypervisor for running virtual machines on Windows servers. There are both disadvantages (CVE-2018-0965) and (CVE-2018-8439) when Windows Hyper-V on a host server fails to validate the authentication of a valid user in a guest operating system. Both RCE vulnerabilities can be exploited by a malicious guest by executing a specific application in the virtual operating system, eventually executing arbitrary code on the host operating system. The patch for all Microsoft vulnerabilities In addition, Microsoft has also put security updates to fix the remote code defect in Adobe Flash Player.
Adobe is also critical of the resilience rating (CVE-2018-15967), while Microsoft has identified it as a flaw in remote code execution. It is strongly recommended that users use the security patches as soon as possible to remove hackers and cybercriminals from their computers. To install security updates, go to the Update & security section and in the Windows Update, select Check for updates, or you can manually install the update.