Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
ASUS ROG STRIX GeForce GTX 1660 Ti review
MSI GeForce GTX 1660 Ti Gaming X review
MSI GeForce GTX 1660 Ti VENTUS XS review
Palit GeForce GTX 1660 Ti StormX review
Corsair Dominator Platinum RGB DDR4 memory review
MSI MEG X299 Creation motherboard review
Deepcool Gammaxx L240 AIO review
Guru3D Winter 2018-2019 PC Buyers Guide
URCDkey Spring Sale(up to 86% off) Windows 10 Pro $11
Far Cry New Dawn PC graphics performance benchmark review

New Downloads
GeForce 419.17 WHQL driver download
Prime95 download version 29.6 build 2
Intel HD graphics Driver Download Version: DCH 25.20.100.6577
SiSoft Sandra 2018 download Platinum (build 28.49)
MSI Afterburner 4.6.0 Beta 14 (14649) Download
Display Driver Uninstaller Download version 18.0.0.9
AMD Radeon Adrenalin Edition 19.2.2 driver Download
GeForce 418.91 WHQL driver download
3DMark Download v2.8.6446 + Port Royale
Corsair Utility Engine Download (iCUE) Download v3.12.118


New Forum Topics
Test memory GF100 and many other NVIDIA videocards Nvidia Control App in windows store AMD drops price on Radeon RX Vega 56 to Battle GeForce GTX 1660 Ti Radeon VII (Vega 7nm) - Owners Thread, Tests, Mods, BIOS & Tweaks ! Reviews: GeForce GTX 1660 Ti testing Galore - MSI, ASUS and Palit GPU disappeared suddenly from device manager (Laptop) HELP: How to create Cusom Resolution with Chroma Subsampling for HDR? 2700x asrock a320m hdv r3 crash freeze Radeon FX 590 setup problem RX Vega Owners Thread, Tests, Mods, BIOS & Tweaks !




Guru3D.com » News » Microsoft patches 50 vulnerabilities incl a Zero Day Issue

Microsoft patches 50 vulnerabilities incl a Zero Day Issue

by Hilbert Hagedoorn on: 10/11/2018 08:00 AM | source: myce | 9 comment(s)
Microsoft patches 50 vulnerabilities incl a Zero Day Issue

It was patch Tuesday yesterday and if you have not done so, you should grab that update alright as Microsoft addressed 50 vulnerabilities including a zero-day vulnerability.

The zero-day allowed an attacker with access to the system to elevate his privileges and Microsoft has classified its severity as ‘important’. Kaspersky Lab discovered the zero-day in August this year reports myce.

According to the antivirus vendor the vulnerability has been used in targeted attacks against less than a dozen targets in the Middle East. The vulnerability was reported on the 17th of August to Microsoft, which released a patch yesterday, the 9th of October. The attackers already had access to the system and used the vulnerability to gain privileges that they used to infect the system with persistent malware. The exploit that made use of the vulnerability, was of high quality and designed to reliable attack several versions of Windows.

Besides the zero-day, also two vulnerabilities were patched of which details were already disclosed. Both vulnerabilities weren’t actively exploited, according to Microsoft. One is a vulnerability in the Microsoft JET Database Engine and the other in the Windows kernel. Microsoft also fixed a vulnerability that has a CVE number from 2010. CVE numbers are unique numbers assigned to vulnerabilities after they are discovered. The vulnerability from 2010 allows remote code execution in certain applications built using Microsoft Foundation Classes (MFC).

Other vulnerabilities were patched in Internet Explorer, Microsoft Edge, Microsoft Office, Windows, ChakraCore, .NET Core, PowerShell Core, SQL Server Management Studio, Microsoft Exchange server, Azure IoT Edge and Hub Device Client SDK for Azure IoT.

On most systems the patches will be automatically installed.







Rate this story
Rating:

« Resident Evil 2 - Licker Battle Gameplay · Microsoft patches 50 vulnerabilities incl a Zero Day Issue · First 96-layer NAND makes its way to Smartphones - WD 96-Layer 3D NAND »

Related Stories

Microsoft resolves issue with Windows 10 disappearing files - 10/10/2018 07:37 AM
The new Windows 10 October update no longer removes files by accident. Microsoft says it has solved the problem, and that it wants to help users get their files back....

Microsoft can recover lost files Windows 10 October 2018 Update - But You Need To Call Them - 10/09/2018 07:40 AM
Wowzers, so remember the news-item we wrote a couple of days ago, Micsofot halting the Fall update due to people losing files and documents? Well, the good news is that the files can be recovered, h...

Microsoft halts Windows October 2018 update due to missing user files - 10/07/2018 08:43 AM
Microsoft has paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as they investigate reports of users missing some files after updating....

Microsoft Announces New 8th Gen Intel Core-Powered Surface Pro 6 and Surface Laptop 2 - 10/03/2018 07:01 AM
Microsoft announced the all-new Surface Pro 6 and Surface Laptop, according to them both faster than ever with the latest 8th Generation Intel Core processors. The Surface Pro 6 and Surface Laptop 2 a...

(0day) Microsoft Windows Jet Database Engine Vulnerability - 09/24/2018 07:29 AM
According to the an advisory released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, c...


Fox2232
Senior Member



Posts: 8426
Joined: 2012-07-20

#5595141 Posted on: 10/11/2018 08:14 AM
According to the antivirus vendor the vulnerability has been used in targeted attacks against less than a dozen targets in the Middle East.

Targeted Attacks => Not some small time "hacker" looking to build botnet... CIA?
Middle East - Probably someone nice, right?

It is nice that it is patched, I feel much more secure. And would feel twice as secure if I was doing something bad via my PC.

Kaarme
Senior Member



Posts: 1373
Joined: 2013-03-10

#5595186 Posted on: 10/11/2018 11:35 AM
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.

Targeted Attacks => Not some small time "hacker" looking to build botnet... CIA?
Middle East - Probably someone nice, right?


I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.

lucidus
Senior Member



Posts: 11499
Joined: 2011-12-31

#5595187 Posted on: 10/11/2018 11:37 AM
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.



I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.

Don't leave out their Arab buddies. Despite all the rhetoric, they do buy all those "tools" from Israel :P

Fox2232
Senior Member



Posts: 8426
Joined: 2012-07-20

#5595196 Posted on: 10/11/2018 12:09 PM
When Win10 started to install updates upon turning off the PC last night, I thought today I'd find all of my personal documents gone, but fortunately it wasn't that update.



I reckon most targeted attacks in the Middle East are by Israel. You know, by the actual experts in Israel, not those "experts" that find "vulnerabilities" in AMD CPUs and give AMD 24 hours to fix them before making them public with terrible headlines.
What I meant is, that it talked about sophisticated tool which was universal for multiple versions of Windows. That's not work of random guy in mom's basement. That's work of well funded and motivated party. Be it Israeli, US, ... matters little. But it means that threat they are focusing on is likely threat to their national security. (Or is perceived as such.)

And dozen of targets really look more like surgical approach. And likely bad guys are ones to celebrate. I do not think that any of those organizations capable to create and use surgical hack like this will target some random citizen or will use that vulnerability to get data from millions of computers. (That greatly increases chance for detection and fix. => Loss of investment, technological advantage, Strategic option.)

DLD
Senior Member



Posts: 771
Joined: 2002-09-14

#5595414 Posted on: 10/11/2018 09:44 PM
Don't leave out their Arab buddies. Despite all the rhetoric, they do buy all those "tools" from Israel :p


Remember the time when 3 Baraks sat at one table to "negotiate" - Barack Obama, Ehud Barak and Mubarak (president of Egypt). Judeoamerican-Arab everlasting conflict was designed to hold the rest of the world as a hostage. And this conflict is carefully maintained throughout a few decades now. And the authorities are trying to persuade us that this is just a coincidence, and whoever says different is an inventor of a "conspiracy theory"....
And anyone who thinks it's just a coincidence that windows os is invented (though the idea was stolen, copied) by a guy who is of such and such nationality, and that it's a pure coincidence that micro$oft is a servant of the secret forces of USA, is living in an illusion.

Crimson Wolf
Member



Posts: 26
Joined: 2014-11-13

#5595427 Posted on: 10/11/2018 10:43 PM
FFS, Microsoft does it again! Cumulative update pulled because it's causing BSODs on HP and DELL.

https://answers.microsoft.com/en-us/windows/forum/all/windows-10-1809-1776355-cumulative-update-bsod/ee2ca1bc-b98f-4e1f-9fea-e0803b6766c9?auth=1

Dimitrios1983
Senior Member



Posts: 168
Joined: 2018-03-01

#5595455 Posted on: 10/12/2018 12:57 AM
FFS, Microsoft does it again! Cumulative update pulled because it's causing BSODs on HP and DELL.

https://answers.microsoft.com/en-us/windows/forum/all/windows-10-1809-1776355-cumulative-update-bsod/ee2ca1bc-b98f-4e1f-9fea-e0803b6766c9?auth=1

Maybe Microsoft should let high school or college kids handle this. I lost all trust in Microsoft.

ManofGod
Senior Member



Posts: 1284
Joined: 2004-12-10

#5595459 Posted on: 10/12/2018 01:15 AM
Maybe Microsoft should let high school or college kids handle this. I lost all trust in Microsoft.


No, High School or College kids would make things worse, mostly. However, they sure do have some fixing to do, in many areas. (How the stocks do not take a hit with things like this, I will never understand.)

lucidus
Senior Member



Posts: 11499
Joined: 2011-12-31

#5595461 Posted on: 10/12/2018 01:19 AM
FFS, Microsoft does it again! Cumulative update pulled because it's causing BSODs on HP and DELL.

https://answers.microsoft.com/en-us/windows/forum/all/windows-10-1809-1776355-cumulative-update-bsod/ee2ca1bc-b98f-4e1f-9fea-e0803b6766c9?auth=1

Oh ffs ....

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2019