Zero-Day Microsoft

Zero-Day Microsoft & Adobe Vulnerabilities Patch

This Tuesday, Adobe and Microsoft released security updates to solve vulnerabilities.  Adobe had five security holes in its Flash Player browser plugin.  Microsoft launched 17 updates to solve at least 60 vulnerabilities in Windows, including two zero-day defects that hackers were already abusing before these patches were issued.

Security firm Ivanti investigated the two zero-day flaws.  One susceptibility affected Internet Explorer (IE) that enabled cybercriminals to install malware on IE users who browsed hacked sites.  The other zero-day susceptibility was a bug that allowed a hacker to run their codes on Windows 10.

There were 19 critical vulnerabilities that Microsoft addressed. One of which could lead to remote code execution, where attackers could take control of affected systems if exploited successfully.

Another flaw originates in the improper validation of file paths. An arbitrary code that can be executed on a targeted system by convincing victims into downloading a file in an email or a web page.

.LNK shortcut file had a vulnerability within the file’s format in which an attacker can use malicious binary to execute arbitrary code on a targeted system. This allows attackers to gain the same user rights on the system.

Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers. Microsoft has also pushed security updates to patch vulnerabilities in Adobe products. Keeping your systems updated is one of the best ways to avoid getting malware or your files compromised.

For installing security updates, directly head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

For all Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

Original Article Found Here.

  • 1