Microsoft this week released updates to fix roughly 50 security problems with various versions of its operating system and related software, including one that is already being exploited and another for which exploit code is publicly available.

Patch Tuesday, October 2018 Edition — Krebs on Security

The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, 10 and Server 2008, 2012, 2016 and 2019. According to security firm Ivanti, an attacker first needs to log into the operating system, but then can exploit this to gain administrator privileges.

Another vulnerability patched this week, CVE-2018-8423, was publicly disclosed last month along with sample exploit code. This flaw involves a component shipped on all Windows machines and used by a number of programs, and could be exploited by getting a user to open a specially-crafted file — such as a booby-trapped Microsoft Office document.

KrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases monthly security updates before installing the fixes, with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.

This month, Microsoft briefly paused updates for Windows 10 users after many users reported losing all of the files in their “My Documents” folder. The worst part? Rolling back to previous saved versions of Windows prior to the update did not restore the files.

Microsoft appears to have since fixed the issue, but these kinds of incidents illustrate the value of not only waiting a day or two to install updates but also manually backing up your data prior to installing patches (i.e., not just simply counting on Microsoft’s System Restore feature to save the day should things go haywire).

Mercifully, Adobe has spared us an update this month for its Flash Player software, although it has shipped a non-security update for Flash.

For more on this month’s Patch Tuesday batch, check out posts from Ivanti and Qualys.

As always, if you experience any issues installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips. My apologies for the tardiness of this post; I have been traveling in Australia this past week with only sporadic access to the Internet.
