Kingston KC3000 PCIe 4.0 M.2 NVMe review
EnGenius ECS2512FP. 8-port 2.5G Cloud Switch review
Deepcool CG560 chassis review
Fractal Design Torrent Black RGB TG review
Core i9 12900K DDR4 3600 vs DDR5 5200 performance review
Corsair H150i Elite LCD review
Seasonic Syncro Q704 chassis + Connect PSU review
Fractal Design Ion+ 2 Platinum 860W PSU Review
Crucial P5 Plus PCIe 4.0 M.2 NVMe review
Fractal Design Lumen S28 RGB review (LCS)
Microsoft patches 50 vulnerabilities incl a Zero Day Issue
It was patch Tuesday yesterday and if you have not done so, you should grab that update alright as Microsoft addressed 50 vulnerabilities including a zero-day vulnerability.
The zero-day allowed an attacker with access to the system to elevate his privileges and Microsoft has classified its severity as ‘important’. Kaspersky Lab discovered the zero-day in August this year reports myce.
According to the antivirus vendor the vulnerability has been used in targeted attacks against less than a dozen targets in the Middle East. The vulnerability was reported on the 17th of August to Microsoft, which released a patch yesterday, the 9th of October. The attackers already had access to the system and used the vulnerability to gain privileges that they used to infect the system with persistent malware. The exploit that made use of the vulnerability, was of high quality and designed to reliable attack several versions of Windows.
Besides the zero-day, also two vulnerabilities were patched of which details were already disclosed. Both vulnerabilities weren’t actively exploited, according to Microsoft. One is a vulnerability in the Microsoft JET Database Engine and the other in the Windows kernel. Microsoft also fixed a vulnerability that has a CVE number from 2010. CVE numbers are unique numbers assigned to vulnerabilities after they are discovered. The vulnerability from 2010 allows remote code execution in certain applications built using Microsoft Foundation Classes (MFC).
Other vulnerabilities were patched in Internet Explorer, Microsoft Edge, Microsoft Office, Windows, ChakraCore, .NET Core, PowerShell Core, SQL Server Management Studio, Microsoft Exchange server, Azure IoT Edge and Hub Device Client SDK for Azure IoT.
On most systems the patches will be automatically installed.
Microsoft resolves issue with Windows 10 disappearing files - 10/10/2018 08:37 AM
The new Windows 10 October update no longer removes files by accident. Microsoft says it has solved the problem, and that it wants to help users get their files back....
Microsoft can recover lost files Windows 10 October 2018 Update - But You Need To Call Them - 10/09/2018 08:40 AM
Wowzers, so remember the news-item we wrote a couple of days ago, Micsofot halting the Fall update due to people losing files and documents? Well, the good news is that the files can be recovered, h...
Microsoft halts Windows October 2018 update due to missing user files - 10/07/2018 09:43 AM
Microsoft has paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as they investigate reports of users missing some files after updating....
Microsoft Announces New 8th Gen Intel Core-Powered Surface Pro 6 and Surface Laptop 2 - 10/03/2018 08:01 AM
Microsoft announced the all-new Surface Pro 6 and Surface Laptop, according to them both faster than ever with the latest 8th Generation Intel Core processors. The Surface Pro 6 and Surface Laptop 2 a...
(0day) Microsoft Windows Jet Database Engine Vulnerability - 09/24/2018 08:29 AM
According to the an advisory released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, c...
Kaarme
Senior Member
Posts: 2692
Joined: 2013-03-10
Senior Member
Posts: 2692
Joined: 2013-03-10
#5595186 Posted on: 10/11/2018 12:35 PM
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.
Targeted Attacks => Not some small time "hacker" looking to build botnet... CIA?
Middle East - Probably someone nice, right?
I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.
Targeted Attacks => Not some small time "hacker" looking to build botnet... CIA?
Middle East - Probably someone nice, right?
I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
lucidus
Senior Member
Posts: 11836
Joined: 2011-12-31
Senior Member
Posts: 11836
Joined: 2011-12-31
#5595187 Posted on: 10/11/2018 12:37 PM
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.
I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
Don't leave out their Arab buddies. Despite all the rhetoric, they do buy all those "tools" from Israel
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.
I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
Don't leave out their Arab buddies. Despite all the rhetoric, they do buy all those "tools" from Israel
Fox2232
Senior Member
Posts: 11809
Joined: 2012-07-20
Senior Member
Posts: 11809
Joined: 2012-07-20
#5595196 Posted on: 10/11/2018 01:09 PM
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.
I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
What I meant is, that it talked about sophisticated tool which was universal for multiple versions of Windows. That's not work of random guy in mom's basement. That's work of well funded and motivated party. Be it Israeli, US, ... matters little. But it means that threat they are focusing on is likely threat to their national security. (Or is perceived as such.)
And dozen of targets really look more like surgical approach. And likely bad guys are ones to celebrate. I do not think that any of those organizations capable to create and use surgical hack like this will target some random citizen or will use that vulnerability to get data from millions of computers. (That greatly increases chance for detection and fix. => Loss of investment, technological advantage, Strategic option.)
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.
I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
What I meant is, that it talked about sophisticated tool which was universal for multiple versions of Windows. That's not work of random guy in mom's basement. That's work of well funded and motivated party. Be it Israeli, US, ... matters little. But it means that threat they are focusing on is likely threat to their national security. (Or is perceived as such.)
And dozen of targets really look more like surgical approach. And likely bad guys are ones to celebrate. I do not think that any of those organizations capable to create and use surgical hack like this will target some random citizen or will use that vulnerability to get data from millions of computers. (That greatly increases chance for detection and fix. => Loss of investment, technological advantage, Strategic option.)
DLD
Senior Member
Posts: 887
Joined: 2002-09-14
Senior Member
Posts: 887
Joined: 2002-09-14
#5595414 Posted on: 10/11/2018 10:44 PM
Remember the time when 3 Baraks sat at one table to "negotiate" - Barack Obama, Ehud Barak and Mubarak (president of Egypt). Judeoamerican-Arab everlasting conflict was designed to hold the rest of the world as a hostage. And this conflict is carefully maintained throughout a few decades now. And the authorities are trying to persuade us that this is just a coincidence, and whoever says different is an inventor of a "conspiracy theory"....
And anyone who thinks it's just a coincidence that windows os is invented (though the idea was stolen, copied) by a guy who is of such and such nationality, and that it's a pure coincidence that micro$oft is a servant of the secret forces of USA, is living in an illusion.
Don't leave out their Arab buddies. Despite all the rhetoric, they do buy all those "tools" from Israel :p
Remember the time when 3 Baraks sat at one table to "negotiate" - Barack Obama, Ehud Barak and Mubarak (president of Egypt). Judeoamerican-Arab everlasting conflict was designed to hold the rest of the world as a hostage. And this conflict is carefully maintained throughout a few decades now. And the authorities are trying to persuade us that this is just a coincidence, and whoever says different is an inventor of a "conspiracy theory"....
And anyone who thinks it's just a coincidence that windows os is invented (though the idea was stolen, copied) by a guy who is of such and such nationality, and that it's a pure coincidence that micro$oft is a servant of the secret forces of USA, is living in an illusion.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 11809
Joined: 2012-07-20
Targeted Attacks => Not some small time "hacker" looking to build botnet... CIA?
Middle East - Probably someone nice, right?
It is nice that it is patched, I feel much more secure. And would feel twice as secure if I was doing something bad via my PC.