Yama Salı Eylül 2018

 

Microsoft yamaları 62 açıkları, 17 of which are rated Critical. alenen Ağustos sonunda Twitter'da ifşa edildi sıfırıncı gün ALPC açığı için yama dahil.

Bu ay Microsoft Windows'un tüm sürümleri için beş kritik güvenlik açıklarını yamaları 10 ve Windows Server 2016, and some of them affect older versions of Windows. All are remote code execution flaws, one of which is in Hyper-V and could allow an attacker to execute arbitrary code. There are also patches for flaws caused by embedded fonts, the MS XML parser, and specially crafted image files.

ALPC Zero-Day

On 27th August a Twitter user (@SandboxEscaper) publicly released information about a zero-day Advanced Local Procedure Call (ALPC) vulnerability in Windows that could allow hackers with local access to the Task Scheduler to elevate privileges to SYSTEM. The user posted a link to proof-of-concept code, which was verified independently by the United States Computer Emergency Readiness Team (US-CERT) to work on fully-patched Windows 10 ve Windows Server 2016 64-bit sistemler.

The flaw was found in the way Task Scheduler handles Advanced Local Procedure Calls (ALPCs), which is a kernel process that allows client processes to communicate with server processes. Microsoft acknowledged the ALPC bug and in this month patches it. While rated Önemli and not Critical by Microsoft, this one is important to patch because it is already being exploited in a targeted campaign.

Among the other flaws rated Önemli, the Hyper-V BIOS loader fails to provide a high-entropy source and Device Guard incorrectly validates an untrusted file. Six elevation of privilege vulnerabilities are also patched.

Fragment Stack Vulnerability

Microsoft published a security advisory (CVE-2018-5391) for a Windows denial of service vulnerability but no fix, just a workaround. The fragment stack vulnerability was patched in the Linux kernel last month and can result in packet loss due to out-of-order IP packets being dropped. Microsoft discovered that the vulnerability also affects Windows systems and you can read about a workaround if you think you might be vulnerable İşte.

Edge and Internet Explorer

CVE-2018-8457 is a scripting engine memory corruption vulnerability in Edge and IE that could be exploited via a malicious website or Office file. While it is thought that hackers already knew about this flaw, there is no evidence that it was being exploited prior to this month’s patches. There are nine other critical patches for both browsers that are all remote code execution vulnerabilities.

Microsoft Office

Office Click-To-Run gets a critical patch for the embedded fonts flaw that was also patched in Windows. There are three important patches, two of which are remote code execution flaws and one information disclosure.

Adobe Flash

Flash is no exception this month and Adobe has patched a privilege escalation flaw rated as important and detailed in CVE-2018-15967.

, Windows 7 Aylık Toplaması

Some users have reported receiving error 0x8000FFF when installing this month’s rollup for Windows 7. According to the information I found on a support forum, this is connected to an out-of-date servicing stack. KB3177467 must be installed before this month’s rollup can be applied.

Spectre and L1TF Advisory Updates

En son ama en kötü değil, a speculative execution side-channel vulnerability, also referred to as L1 Terminal Fault (L1TF) that affects Intel CPUs, gets an updated advisory. Along with updated advice for Spectre on AMD processors. You can review the updated information on L1TF İşte, and get the latest Spectre advice İşte.

That is it for this month!

Posta Yama Salı Eylül 2018 İlk çıktı Petri.

İlgili Mesaj

Cevap bırakın

Bu site spam azaltmak için Akismet kullanır. Yorumunuz verileri işlenirken öğrenin.