Regístrese ahora para una mejor cotización personalizada!

Microsoft Patch Tuesday: 84 new vulnerabilities

Oct, 11, 2022 Hi-network.com
Image: Geralt on Pixabay

Microsoft on Tuesday disclosed 84 vulnerabilities, including one that has been exploited and one that has been publicly disclosed. 

The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure, Azure Arc, and Azure DevOps; Microsoft Edge (Chromium-based); Office and Office Components; Visual Studio Code; Active Directory Domain Services and Active Directory Certificate Services; Nu Get Client; Hyper-V; and the Windows Resilient File System (ReFS). 

Windows 11

  • How to install Android apps on Windows 11
  • The best Windows laptops: Top notebooks, 2-in-1s, and ultraportables
  • How to recover deleted files in Windows 10 or 11
  • I hate Windows 11. How can I make it work more like Windows 10?

This release comes on top of 12 patches for CVEs in Microsoft Edge (Chromium-based) released earlier this month.

Also:What, exactly, is cybersecurity? And why does it matter?

The vulnerability that has been exploited is a Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain system privileges.

The publicly disclosed vulnerability is a Microsoft Office Information Disclosure Vulnerability. This vulnerability, discovered by Cody Thomas with SpecterOps, puts at risk user tokens and other potentially sensitive information.

"What may be more interesting is what isn't included in this month's release," Dustin Childs wrote for the Zero Day Initiative. "There are no updates for Exchange Server, despite two Exchange bugs being actively exploited for at least two weeks. These bugs were purchased by the ZDI at the beginning of September and reported to Microsoft at the time. With no updates available to fully address these bugs, the best administrators can do is ensure the September 2021 Cumulative Update (CU) is installed."

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.