Connect with us

Hacker News Vulnerability

Microsoft Patches 64 Flaws

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Microsoft Patches 64 Flaws

Published

5 years ago

on

Microsoft Patches 64 Flaws

Despite the inconvenience, especially during shutdown and startup, it’s nowadays essential to keep your operating system and software updated. Just recently, Microsoft has patched 64 flaws it found in Windows 10, MS Office, Sharepoint, Skype for Business, Visual Studio and ChakraCore. These flaws range from minor to critical in severity. If you’re not updated yet, you need to do so as 17 of these patches are critical and that two of these are already being exploited as per Google.

 

The two aforementioned vulnerabilities (CVE-2019-0808, CVE-2019-0797,) reside in the Win32k component which is crucial for backwards compatibility with legacy systems that Windows still can’t do without. Google reported earlier that one of these vulnerabilities was being exploited in conjunction with a Google Chrome flaw which they patched last week. These flaws together allow attackers to take full control of Windows 7 or Windows Server 2018 computers. The other Microsoft flaw is similar but affects later versions of Windows as well as Windows Server 2012, 2016 and 2019. These two flaws were thankfully detected by security researchers Boris Larin and Vasily Berdnikov of Kaspersky Labs.

45 of the patched flaws are also considered important so it pays a lot for users to immediately update. They also allow for remote code execution, privilege elevation and denial of service and are present in Internet Explorer which by now nobody should be using, DHCP Client, VBScript and the Chakra Script Engine.

One can’t blame some systems administrators for being reluctant with updates as Microsoft has been having problems with updates as well. Some updates tend to damage or brick some systems due to compatibility reasons thanks to the millions of configurations possible with the Windows ecosystem.

 

But thankfully, Windows 10 is now able to uninstall problematic updates which brings forth the problem of systems not being updated for new vulnerabilities until 30 days after, for which problematic updates are debugged by Microsoft based on Windows reports. It’s a welcome change nonetheless as the ability to do work takes still takes precedence.

Related Topics:

Technology Enthusiast with a keen eye on the Cyberspace, Entrepreneur, Ethical Hacker

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *