Microsoft and Adobe Releases Security Patches for Critical Vulnerabilities

Libssh

Microsoft has released security patches for 53 vulnerabilities across 13 products as part of their July 2018 patch Tuesday.

According to Microsoft 17 were rated as critical, 34 as important, one moderate and one as low severity.

The products which patches were released are given below:

Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, ASP.NET, Microsoft Research JavaScript Cryptography Library, Skype for Business and Microsoft Lync, Visual Studio, Microsoft Wireless Display Adapter V2 Software, PowerShell Editor Services, PowerShell Extension for Visual Studio Code, Web Customizations for Active Directory Federation Services

The most critical flaw reported was four Chakra scripting engine memory corruption vulnerabilities (CVE-2018-8280, CVE-2018-8286, CVE-2018-8290, CVE-2018-8294) in internet explorer.

The vulnerability could be exploited to execute arbitrary code in the context of the current user. If successfully exploited the attacker could gain the same user rights as the current user.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Another critical vulnerability (CVE-2018-8278) in Microsoft Edge which improperly handles specific HTML content. If the flaws are successfully exploited, the attacker could trick the user into believing that the user was on a legitimate website.

For more details regarding the security update, you can visit Microsoft’s official Security Update Guide. Users are advised to update your products immediately.

Adobe released security patches for 112 vulnerabilities

On Tuesday Adobe also released security patches for 112 vulnerabilities as part of their monthly security updates.

The patches were released for products such as Adobe Flash Player(2), Adobe Connect (3), Adobe Experience Manager (3), Adobe Acrobat and Adobe Reader (104).

“Adobe has published security bulletins for Adobe Acrobat and Reader (APSB18-21), Adobe Connect (APSB18-22), Adobe Experience Manager (APSB18-23) and Adobe Flash Player (APSB18-24). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.” said in the security bulletin published by Adobe.

For more details regarding the security update, you can visit here. Users are advised to update your products immediately.

 

Comments

Please rate this content