Microsoft has released today its monthly roll-up of security updates known as Patch Tuesday. In this month's update train, the Redmond-based OS maker has patched 50 vulnerabilities across nine products, including the Windows OS, Internet Explorer, Microsoft Edge, ChakraCore, the .NET Framework, ASP.NET, Microsoft Visual Studio, Microsoft Exchange Server, and Microsoft Office and Microsoft Office Services and Web Apps.
While in the previous four months the company has patched four zero-days in a row, this month's Patch Tuesday did not include security updates for actively-exploited vulnerabilities.
However, there are quite a few bugs that users need to be aware of, as they could grant attackers control over a Windows system, if they would ever be exploited, either by malware running on a PC, or after users access malicious websites.
To be more precise, there are 17 bugs in this month's Patch Tuesday marked as "remote code execution" issues, which are vulnerabilities that allow attackers a direct avenue to execute code inside various Microsoft products or Windows components without needing a foothold on a system beforehand.
Seven of these RCEs are also marked "Critical," which is also the highest severity level that Microsoft assigns to security bugs. Of the seven, three affect the ChakraCore scripting engine included in Edge, two affect Microsoft's Hyper-V server virtualization environment, one impacts Edge directly, and one affects the ubiquitous Windows DHCP client.
This table compiled by Trend Micro's Zero Day Initiative lists vulnerabilities patched this month, based on their severity.
Earlier today, Adobe released its own security updates, but only for Adobe Connect (web conferencing software) and Adobe Digital Editions (e-book reader). There were no Flash Player security updates today, but only feature and performance bugs, which were also automatically deployed to Windows users via security advisory ADV190001, included in today's Patch Tuesday updates.
Source: ZDNet Downloaded: 20190109
0 Comments