Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products.

This month’s security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server.

Out of 49 flaws patched this month, 12 are rated as critical, 35 are rated as important, one moderate, and one is low in severity.

Three of these vulnerabilities patched by the tech giant are listed as “publicly known” at the time of release, and one flaw is reported as being actively exploited in the wild.

Windows Update Patches An Important Flaw Under Active Attack

According to the Microsoft advisory, an undisclosed group of attackers is actively exploiting an important elevation of privilege vulnerability (CVE-2018-8453) in Microsoft Windows operating system to take full control over the targeted systems.

This flaw exists when the Win32K (kernel-mode drivers) component fails to properly handle objects in memory, allowing an attacker to execute arbitrary code in the kernel mode using a specially crafted application.

This month’s updates also patches a critical remote code execution vulnerability in Microsoft Windows and affects all supported versions of Windows, including Windows 10, 8.1, 7, and Server 2019, 2016, 2012, and 2008.

The vulnerability (CVE-2018-8494) resides in the parser component of the Microsoft XML Core Services (MSXML), which can be exploited by passing malicious XML content via user input.

An attacker can remotely execute malicious code on a targeted computer and take full control of the system just by convincing users to view a specially crafted website designed to invoke MSXML through a web browser.

Microsoft Patches Three Publicly Disclosed Flaws

The details of one of the three publicly disclosed vulnerabilities was revealed late last month by a security researcher after the company failed to patch the bug within the 120-days deadline.

The vulnerability, marked as important and assigned CVE-2018-8423, resides in Microsoft Jet Database Engine that could allow an attacker to remotely execute malicious code on any vulnerable Windows computer.

For proof-of-concept exploit code and more details about this vulnerability you can read our article.

Rest two publicly disclosed vulnerabilities are also marked as important and reside in Windows Kernel (CVE-2018-8497) and Azure IoT Hub Device Client SDK (CVE-2018-8531), which lead to privilege escalation and remote code execution respectively.

The security updates also include patches for 9 critical memory corruption vulnerabilities—2 in Internet Explorer, 2 in Microsoft Edge, 4 in Chakra Scripting Engine, and 1 in Scripting Engine—all leads to remotely execution of code on the targeted system.

Besides this, Microsoft has also released an update for Microsoft Office that provides enhanced security as a defense in depth measure.

Users and system administrators are strongly advised to apply these security patches as soon as possible to keep hackers and cybercriminals away from taking control of their systems.

For installing security patch updates, directly head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket