G.Skill TridentZ Royal DDR4 3200 MHz review
Radeon Adrenalin 2019 Edition Driver Overview
ASRock Z390 Taichi Ultimate review
Team Group T-Force Night Hawk RGB Legend DDR4
MSI MPG Z390 Gaming Pro Carbon review
Promo: Get Windows 10 Pro OEM under 12$
MSI GeForce RTX 2080 Gaming X TRIO review
Guru3D Rig of the Month - November 2018
Samsung 860 QVO 2TB SSD review
Asus Strix Fusion 700 - RGB Headset Review
Microsoft fixes 50 vulnerabilties in Windows, Office, Edge and Explorer
Tuesday was this month’s Patch Tuesday and this week Microsoft addressed 50 vulnerabilities that affect Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Flash Player, Windows Kernel and more.
Be sure to update as some of these when exploited they can provide an attacker with full control over the system reports myce today; One of the vulnerabilities in Internet Explorer was already publicly disclosed before a patch was available, but Microsoft claims it has not been actively attacked. In total, the software giant marked 11 vulnerabilities as critical, which means they allow an attacker to execute arbitrary code remotely. Microsoft marked the other 39 as important.
Cisco’s security division, Talos, has issued an advisory about three of the vulnerabilities which the company believes are notable and require prompt attention. These are two vulnerabilities in the Microsoft Scripting Engine and one in the Windows DNSAPI.
Besides that, an emergency patch for Flash Player that was released last week is also distributed with the updates of this Patch Tuesday. That means that Flash Player will be updated on systems where the latest Flash Player update hasn’t been installed yet. On most systems updates will be automatically installed without any user interaction. Users who can’t wait for the automatic updates can also search for updates manually.
E3 2018: Microsoft announces FastStart, Also Works on Cloud Gamestream service - 06/11/2018 10:23 AM
Microsoft confirms that it is working on a service for streaming games as well as talking about FastStart, which allows Xbox games to be launched faster. Microsoft also made a dozen or so game annou...
Microsoft might be buying GitHub (updated - sold) - 06/04/2018 02:31 PM
And that title could also read, Microsoft already purchased it, as that is what some insides report. Microsoft has recently held talks to buy GitHub. The companies have had on-and-off conversations o...
Microsoft Surface Hub 2 - 50.5-inch and due in 2019 - 05/16/2018 07:42 AM
Microsoft has presented the successor to its digital whiteboard Surface Hub. The Surface Hub 2, which Microsoft will begin testing later this year and ship some time in 2019, is the successor to Surfa...
FTC Threatens Legal Action Against Sony, Microsoft and others - 05/07/2018 06:55 AM
You know, the little sticker on the back of their console that says "warranty void if removed". You'll usually find similar messages at the ends of certain user agreement licenses, and e...
Microsoft to release a Lean Version of Windows 10 - 04/25/2018 02:33 PM
Lean is, in fact, the name of the Microsoft distribution and will be a trimmed down version of Windows 10, It lacks many Windows 10 features and has a 2GB smaller installation size....
Fox2232
Senior Member
Posts: 7902
Joined: 2012-07-20
Senior Member
Posts: 7902
Joined: 2012-07-20
#5557203 Posted on: 06/14/2018 08:06 AM
Did anybody ever sum up the total of vulnerabilities found in Windows since, say, 3.1 ?
I would looove to know that ridiculous number
That would be very boring number. But with each of fix, MS knows since when they had such vulnerability in system.
Much more interesting would be graph over time showing number of unpatched security holes.
But I doubt MS is suicidal enough to release such graph.
Did anybody ever sum up the total of vulnerabilities found in Windows since, say, 3.1 ?
I would looove to know that ridiculous number
That would be very boring number. But with each of fix, MS knows since when they had such vulnerability in system.
Much more interesting would be graph over time showing number of unpatched security holes.
But I doubt MS is suicidal enough to release such graph.
sverek
Senior Member
Posts: 4393
Joined: 2011-01-02
Senior Member
Posts: 4393
Joined: 2011-01-02
#5557227 Posted on: 06/14/2018 09:10 AM
That would be very boring number. But with each of fix, MS knows since when they had such vulnerability in system.
Much more interesting would be graph over time showing number of unpatched security holes.
But I doubt MS is suicidal enough to release such graph.
M$ should take red pill and release source code.
That would be very boring number. But with each of fix, MS knows since when they had such vulnerability in system.
Much more interesting would be graph over time showing number of unpatched security holes.
But I doubt MS is suicidal enough to release such graph.
M$ should take red pill and release source code.
Angantyr
Senior Member
Posts: 578
Joined: 2013-11-23
Senior Member
Posts: 578
Joined: 2013-11-23
#5557257 Posted on: 06/14/2018 11:07 AM
Is there a reason why the protections against the execution side channel vulnerability CVE-2018-3639 are disabled by default?
Is there a reason why the protections against the execution side channel vulnerability CVE-2018-3639 are disabled by default?
Robbo9999
Senior Member
Posts: 1113
Joined: 2012-10-07
Senior Member
Posts: 1113
Joined: 2012-10-07
#5557332 Posted on: 06/14/2018 03:37 PM
Good point, and I noticed this too. That's another new version of the Spectre vulnerability that was found in May this year. Intel/Microsoft think that the risk of infection from this exploit is low, and I don't know if there is a performance cost associated with it's enabling. You have to edit the registry to enable the protection, so they've made it difficult to do, most people won't enable the protection. I wrote a post on this yesterday on notebookreview forums (some more detail in there):
http://forum.notebookreview.com/threads/cpu-vulnerabilities-meltdown-and-spectre-kernel-page-table-isolation-patches-and-more.812424/page-98#post-10744872
Is there a reason why the protections against the execution side channel vulnerability CVE-2018-3639 are disabled by default?
Good point, and I noticed this too. That's another new version of the Spectre vulnerability that was found in May this year. Intel/Microsoft think that the risk of infection from this exploit is low, and I don't know if there is a performance cost associated with it's enabling. You have to edit the registry to enable the protection, so they've made it difficult to do, most people won't enable the protection. I wrote a post on this yesterday on notebookreview forums (some more detail in there):
http://forum.notebookreview.com/threads/cpu-vulnerabilities-meltdown-and-spectre-kernel-page-table-isolation-patches-and-more.812424/page-98#post-10744872
schmidtbag
Senior Member
Posts: 3394
Joined: 2012-11-10
Senior Member
Posts: 3394
Joined: 2012-11-10
#5557384 Posted on: 06/14/2018 07:08 PM
I have a really hard time believing Internet Explorer would have any vulnerabilities. I'm pretty sure this is fake news.
/s
Did anybody ever sum up the total of vulnerabilities found in Windows since, say, 3.1 ?
I would looove to know that ridiculous number
I'm more interested in the known vulnerabilities that were never fixed.
I have a really hard time believing Internet Explorer would have any vulnerabilities. I'm pretty sure this is fake news.
/s
Did anybody ever sum up the total of vulnerabilities found in Windows since, say, 3.1 ?
I would looove to know that ridiculous number
I'm more interested in the known vulnerabilities that were never fixed.
sykozis
Senior Member
Posts: 20638
Joined: 2008-07-14
Senior Member
Posts: 20638
Joined: 2008-07-14
#5557475 Posted on: 06/15/2018 01:48 AM
I have a really hard time believing Internet Explorer would have any vulnerabilities. I'm pretty sure this is fake news.
/s
I know... The idea that IE would have a vulnerability is blasphemous!!!
I'm more interested in the known vulnerabilities that were never fixed.
MS will never commit suicide like that....
I have a really hard time believing Internet Explorer would have any vulnerabilities. I'm pretty sure this is fake news.
/s
I know... The idea that IE would have a vulnerability is blasphemous!!!
I'm more interested in the known vulnerabilities that were never fixed.
MS will never commit suicide like that....
sverek
Senior Member
Posts: 4393
Joined: 2011-01-02
Senior Member
Posts: 4393
Joined: 2011-01-02
#5557480 Posted on: 06/15/2018 02:12 AM
There is no way, Javascript can take any file from client system and send it to the server!
I know... The idea that IE would have a vulnerability is blasphemous!!!
There is no way, Javascript can take any file from client system and send it to the server!
Click here to post a comment for this news story on the message forum.
Member
Posts: 96
Joined: 2016-12-28
Did anybody ever sum up the total of vulnerabilities found in Windows since, say, 3.1 ?
I would looove to know that ridiculous number