News Centre

Microsoft Issues New Software Updates for 17 Critical Vulnerabilities

Article by Diogo Correa
September 13, 2018

SHARE THIS POST:

Microsoft Patch - Tech Patrol

Microsoft usually does updates to software on a regular basis however, usually a large number of these updates aren’t critical however for the release of September Patches, a total of 61 Vulnerabilities were found, with 17 of them rated as critical, 43 are rated as Important whilst only 1 is of Moderate severity.

Make Sure you Subscribe to receive our monthly newsletter regarding all new patches and vulnerabilities.

With these updates 4 of the security vulnerabilities patched by the tech giant have been listed as “Publicly kown” and most likely has been further exploited in the wild at the time of this release. We definitely know that the WALPC flaw (Windows Advances Local Procedure) has been previously disclosed with proof-of-concept exploit code on August 27, 2018, by Twitter user SandboxExcaper.

Although Microsoft chose not to release an out-of-band patch for the Windows ALPC flaw, a third-party patch from micropatching vendor 0patch was released on Aug. 30. Mitja Kolsek, co-founder of 0patch, noted in a blog post that the patch they released was “functionally identical” to the patch released by Microsoft.:

The vulnerability affects the Windows Task Scheduler and can allow an attacker to obtain elevated system privileges.

 

 

Microsoft noted the issue would require an attacker to log on to the target system. The vendor labeled the Windows ALPC flaw (CVE-2018-8440) as “important,” but not “critical,” in its Patch Tuesday advisory, despite the vulnerability being actively exploited in the wild.

This months security update affects:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • Microsoft.Data.OData
  • ASP.NET

You can find the official Microsoft patches here.

 

 

Besides this, Microsoft has also pushed security updates to patch a critical remote code execution vulnerability in Adobe Flash Player, details of which you can get through a separate article posted today.

Adobe has labeled the same privilege escalation vulnerability (CVE-2018-15967) as important, while Microsoft marked it as a critical remote code execution flaw.

Users are strongly advised to apply all security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

For installing security updates, directly head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

If you need assistance or you’re not sure if you’re infected or not contact us today for a free systems check

Share your thoughts in the Comments section:

Subscribe For The Latest In Technology

Other Posts You May Like

TECH NEWS & UPDATES

Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.

RECENT POSTS

Microsoft Azure

Introduction to Azure – A Core Cloud Service

Microsoft Responds to COVID-19

Microsoft Responds To COVID-19 By Offering E1 Licenses Free For The Next 6-Months

teams_video_calls_intelligent_workplace

Microsoft Teams vs Zoom. What is right for your business?

Microsoft Azure

Azure Firewall Manager now supports virtual networks.

White Paper

Enjoy this free eBook

Tech Patrol - Microsoft Office 365

White Paper (Why businesses Are Migrating to Cloud)

  • This field is for validation purposes and should be left unchanged.
microsoft-issues-new-software-updates-for-17-critical-vulnerabilities-tech-success
Scroll to Top