Adobe and Microsoft discover critical vulnerability gaps
Microsoft and Adobe released patches this Tuesday to patch critical security vulnerabilities in their products. Patch released by Microsoft fixes near 80 security issues in variety of its Windows operating systems and its associated software’s. The patch included a fix for 2 vulnerabilities which is already being exploited by the attackers.
Further, adobes release of new flash player resolves two flaws that attackers or malware could use to seize remote control over vulnerable computers with no user interaction.
Patch released by Microsoft (CVE-2017-8759) which is actively being exploited, it is surprisingly labelled as “important” instead of “critical”. More than 10 faults remedied by Microsoft come labelled “critical” which reflects they could be exploited without the help of the users.
The CVE-2017-8759 discovered and remedies the following: “A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would first need to convince the user to open a malicious document or application.
The security update addresses the vulnerability by correcting how .NET validates untrusted input.
A second vulnerability that Microsoft rectified is in CVE-2017-8628, which is a fault in Bluetooth wireless data transmission standard that attackers could potentially use to sniff data from Bluetooth enabled devices.
You can also see more information about September Patch Tuesday from Ivanti here:
Adobe’s new Flash version- 220.127.116.11 for Windows, Macs and Linux systems corrected its two critical flaws. These updates address two critical memory corruption vulnerabilities that could lead to code execution.
Users of Windows who browse the Web other than Internet Explorer may need to apply the Flash patch twice, once with IE and again using the other browsers.
Chrome and IE auto-installs the latest Flash version on browser restart. Users who are browse using Chrome users may need to restart the browser to install or automatically download the latest version.
You may consider even removing Flash Player as it has always been a persistent target of malware attacks. Number of sites have transitioned away from having flash as a requirement.