Microsoft usually does updates to software on a regular basis however, usually a large number of these updates aren’t critical however for the release of September Patches, a total of 61 Vulnerabilities were found, with 17 of them rated as critical, 43 are rated as Important whilst only 1 is of Moderate severity.
Make Sure you Subscribe to receive our monthly newsletter regarding all new patches and vulnerabilities.
With these updates 4 of the security vulnerabilities patched by the tech giant have been listed as “Publicly kown” and most likely has been further exploited in the wild at the time of this release. We definitely know that the WALPC flaw (Windows Advances Local Procedure) has been previously disclosed with proof-of-concept exploit code on August 27, 2018, by Twitter user SandboxExcaper.
Although Microsoft chose not to release an out-of-band patch for the Windows ALPC flaw, a third-party patch from micropatching vendor 0patch was released on Aug. 30. Mitja Kolsek, co-founder of 0patch, noted in a blog post that the patch they released was “functionally identical” to the patch released by Microsoft.:
Validated and verified, our micropatch for @SandboxEscaper‘s LPE in Task Scheduler is now published and freely available for everyone to use. It currently applies only to fully updated 64bit Windows 10 1803. We welcome requests for ports to other versions at firstname.lastname@example.org. pic.twitter.com/9pNufwUehU
— 0patch (@0patch) August 30, 2018
The vulnerability affects the Windows Task Scheduler and can allow an attacker to obtain elevated system privileges.
Microsoft noted the issue would require an attacker to log on to the target system. The vendor labeled the Windows ALPC flaw (CVE-2018-8440) as “important,” but not “critical,” in its Patch Tuesday advisory, despite the vulnerability being actively exploited in the wild.
This months security update affects:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- .NET Framework
You can find the official Microsoft patches here.
Besides this, Microsoft has also pushed security updates to patch a critical remote code execution vulnerability in Adobe Flash Player, details of which you can get through a separate article posted today.
Adobe has labeled the same privilege escalation vulnerability (CVE-2018-15967) as important, while Microsoft marked it as a critical remote code execution flaw.
Users are strongly advised to apply all security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.
For installing security updates, directly head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.
If you need assistance or you’re not sure if you’re infected or not contact us today for a free systems check