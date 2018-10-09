
Rapid7 : Patch Tuesday - October 2018

10/09/2018 | 11:53pm CEST

This month's patches from Microsoft include fixes for 49 distinct vulnerabilities. One that's already been seen exploited in the wild is CVE-2018-8453, a privilege escalation vulnerability allowing an attacker to gain full control over a system as long as they first have a way to execute code on an affected system (for example via a Remote Code Execution (RCE) vulnerability, which nearly half of this month's flaws are).

Three other vulnerabilities are not yet known to be exploited, but have been publicly disclosed. CVE-2018-8497 is another elevation of privilege vulnerability affecting Windows 10 / Server 2016 and newer. CVE-2018-8423 is an RCE in Microsoft's JET Database Engine, and affects all supported versions of Windows. The third public vulnerability is another RCE, relevant to developers who build products using the Azure IoT Hub Device Client C# SDK (CVE-2018-8531).

As usual, most of the vulnerabilities this month affect browsers (IE and/or Edge). IE 11 in particular has two nasty RCEs: CVE-2018-8460 and CVE-2018-8491 can both be exploited via browsing to a malicious web page. CVE-2018-8494 is a Critical RCE in MS XML, meaning browsers are a potential vector. Hyper-V also has two Critical RCEs: both CVE-2018-8489 and CVE-2018-8490 could allow a guest operating system to cause the host to execute arbitrary code.

Back-end administrators should take note of the updates for Exchange (resolving three vulnerabilities, two of which are RCE, including one dating from 2010), SharePoint (resolving four elevation of privilege vulnerabilities), and SQL Server Management Studio (resolving three information disclosure vulnerabilities). On the Office side, there are RCE vulnerabilities in PowerPoint, Excel, and Word related to how they handle objects in Protected View.

This is a rare month where no Adobe Flash Player security fixes came out (APSB18-35 states that only feature and performance bugs are addressed by the new release). However, today Adobe did issue security fixes for Digital Editions, Framemaker, Experience Manager and their Technical Communications Suite. Last week they also published updates for Acrobat and Reader which fixed 86 separate CVEs.

One last note: There are already patches for Windows 1809 and Windows Server 2019, both of which were just released for general availability last week (with some users reporting data loss after updating, causing Microsoft to pause the rollout).


Note: not all CVEs had CVSSv3 data available at the time of writing

Disclaimer

Rapid7 Inc. published this content on 09 October 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 09 October 2018 21:52:06 UTC