Thursday , April 15 2021

It's November 2018, and Microsoft's super-secure Edge browser can push it eight different ways via a webpage • The Register



Microsoft and Adobe have introduced the November issue of Patch Tuesday with a substantial bundle of security defects for installation as soon as you can.

It is often the testing and installation of the installations before development is developed to increase the vulnerability.

BitLocker Bugs and TFTP Problems for Redmond

In this month, Microsoft has set out solutions for 62 weaknesses that have been listed by CVE for its workstation and Windows server publications as well as Office, Edge and Internet Explorer.

Among the 62 bugs there are eight for the Chakra scripting engine in the Edge browser. All weaknesses are remote cell operating defects that would, if they were exploited by a scandalous page, allow the attacker to run malware, and perform actions on the machine that has had it incorporated with the user user's level of consent. All are listed as critical & critical.

He also won the critical CVE-2018-8476 label, a lack of remote operation in the Trivial File Transfer Protocol (TFTP). Jimmy Graham, product management director at the Qualifications security company, said servers that will install and control Windows boxes from far over a network for giving detailed attention to that installation.

"Microsoft Windows Use Services (WDS) use TFTP to support the use of images using PXE," explained Graham.

"The package should be prioritized for CVE-2018-8476 if WDS is used in your environment."

Remote code beetles were also part of the Microsoft Graphics Component (CVE-2018-8553), Dynamics 365 (CVE-2018-8609), and Windows VBScript Engine (CVE-2018-8584).

Administrators will also want to make sure they record the publicly disclosed bug from CVE-2018-8584 (publicly disclosed privileges disclosure window in Windows ALPC), CVE-2018-8566 (BitLocker encryption bypass), to CVE-2018-8589 (Win32k appearance of a privileged bag that has already targeted in the wild).

Elsewhere, Microsoft has turned two incomplete code code executions into Word (CVE-2018-8539, CVE-2018-8573), four non-script scripting defects in Dynamics 365 (CVE-2018-8605, CVE-2018-8606, CVE-2018 -8607, CVE-2018-8608) service refusal error in Skype for Business (CVE-2018-8546), and two PowerShell smoke that could allow remote remote operation (CVE-2018-8256, CVE-2018- 8415.)

Adobe is posting through updates

Adobe marked Patch Tuesday by releasing solutions for three of the most popular products.

For Flash Player, the update will go to CVE-2018-15978, a lack of reading outside boundaries that could allow an assault to see sensitive data.

For Acrobat and Reader, the November round clears CVE-2018-15978, a lack of disclosure of information that would allow attackers to lift single NTLM signal password windows. A probation code of concept has posted for the shortfall, but it has not been reported that there were any attacks in the wild yet.

Finally, for Photoshop CC, the latest information will clear CVE-2018-15980, outside boundaries reading defects that may allow disclosure of information. ®


Source link