Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Radeon Series RX 6700 XT preview & analysis
Corsair MM700 & Corsair Katar Pro XT Review
Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review
Sabrent Rocket 4 PLUS 2TB NVMe SSD review

New Downloads
ClockTuner for Ryzen (CTR) v2.0 RC4 Download
SiSoft Sandra 20/21 download v31.12
Intel HD graphics Driver Download Version: DCH 27.20.100.9316
AIDA64 Download Version 6.32.5644 beta
FurMark Download v1.25
MSI Afterburner 4.6.3 Final Stable Download
Display Driver Uninstaller Download version 18.0.3.7
Guru3D RTSS Rivatuner Statistics Server Download 7.3.0 Final
Media Player Classic - Home Cinema v1.9.10 Download
GeForce 461.72 WHQL driver download


New Forum Topics
RTSS 6.7.0 beta 1 LIAN LI Shows Four new Prototype products AMD Radeon Software Adrenalin 2020 Edition 21.2.3 AMD announces Radeon RX 6700 XT 12GB at 479 USD, launches on March 18th ClockTuner v2.0 RC4 for Ryzen (CTR) info and download GeForce 461.72 WHQL drivers: download & discussion AMD confirms that Resident Evil Village will have Ray Tracing support on PC NVIDIA 465.21 DEVELOPER NVidia Anti-Aliasing Guide (updated) Windows 10 20H2 (Build 19042.508)




Guru3D.com » News » Microsoft patches actively exploited zero-day in IE as wel as 73 security issues

Microsoft patches actively exploited zero-day in IE as wel as 73 security issues

by Hilbert Hagedoorn on: 02/14/2019 08:58 AM | source: myce | 12 comment(s)
Microsoft patches actively exploited zero-day in IE as wel as 73 security issues

If you received a Windows update yesterday, it was related to this news-item. Microsoft patched an actively attacked vulnerability in Internet Explorer and 73 other vulnerabilities during yesterday’s Patch Tuesday of February.

 The zero-day vulnerability in Internet Explorer was discovered by Google and allowed attackers to test for the presence of specific files on disk reports myce:

To become a victim of the attack, a user only had to visit a malicious website. While Microsoft reports the issue is actively attacked, it’s unknown where the attack took place, how it was discovered and what kind of files attackers were looking for. These kinds of “information disclosure” vulnerabilities have been abused in the past to collect all kinds of data on attacked systems. It e.g. allows attacker to check for specific security software or to check whether the system is part of a virtual machine or automated system used by security researchers.

Microsoft also patched four vulnerabilities this month of which details were already disclosed before the company released patches for them. According to Microsoft, none of the vulnerabilities have been targeted in an attack.

From those four, the first is an information disclosure attack in Windows which allows an attacker to read the contents of files on a computer. The second vulnerability was in Exchange Server and allowed an attacker to gain the same privileges as other users. This way the attacker could access the mailbox of other users and read their emails.

The other two vulnerabilities were in Microsoft’s Team Foundation server and allowed an attacker to read content for which he was not authorized, to execute malicious code and to perform all kinds of actions in name of other users, such as changing and deleting content.

Microsoft further patched vulnerabilities in Internet Explorer, Edge, Windows, Office ChakraCore .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Microsoft Dynamics, Team Foundation Server and Visual Studio Code. On most computers the patches are automatically downloaded and installed.







« Intel now includes Heatsink for the Intel Optane 905P M.2 SSD as default (Update) · Microsoft patches actively exploited zero-day in IE as wel as 73 security issues · Unreal Engine adds support for raytracing »

Related Stories

Microsoft fixes connection problems with Windows Update - 02/07/2019 08:47 AM
Microsoft has been having DNS issues, with the result that Windows users did not get their updates. Microsoft has confirmed that the problems are solved and updates can be installed again. ...

Microsoft confirms problem with Windows 10 update halting systems from starting - 02/04/2019 09:10 AM
Microsoft has confirmed an issue with the latest update for Windows Defender for both Windows 10 and Windows Server 2016. The update was released earlier this week and due to the issue, some Windows 1...

Promo: Microsoft Windows 10 Pro and Office 2016 Pro for 34 USD - 02/01/2019 09:14 AM
URCDKey is a license site available for various platforms, whether for software or games. URCDKeys brings as a novelty the offer at a competitive price known Microsoft widow 10 Pro OEM or Microsoft O...

Microsoft will add ‘login with SMS code’ options on all Windows 10 versions - 01/07/2019 09:14 AM
Microsoft announced all Windows 10 versions will get the option to set up and sign in to the operating systems through SMS / text messages. By using this option, you can login without using a password...

Microsoft to launch 4K webcams in 2019 - 12/24/2018 09:54 AM
Hmm think Windows Hello here? A biometric authentication system can use your face, iris, and fingerprint, among other things, to log in on your Windows 10. Now it seems that Microsoft has a number o...


3 pages 1 2 3


sverek



Posts: 6074
Joined: 2011-01-02

#5639493 Posted on: 02/14/2019 09:13 AM
M$: If you have game problem I feel bad for you son, I got 73 security issues but DX ain't one.

FM57
Senior Member



Posts: 204
Joined: 2016-12-28

#5639496 Posted on: 02/14/2019 09:43 AM
HH:
"Aoccdrnig to rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe."

I know, I know, that happens when you rush to publish the news on the best site of the industry :)

mbk1969
Senior Member



Posts: 10452
Joined: 2013-01-17

#5639523 Posted on: 02/14/2019 11:26 AM
M$: If you have game problem I feel bad for you son, I got 73 security issues but DX ain't one.


You want the team of IE to resolve issues in DX?

schmidtbag
Senior Member



Posts: 5640
Joined: 2012-11-10

#5639691 Posted on: 02/14/2019 05:16 PM
This is one of the few cases where I'll give MS a pass for sloppy testing. Nobody should be using IE in the first place if security exploits are a concern to them.

fantaskarsef
Senior Member



Posts: 12057
Joined: 2014-07-21

#5639744 Posted on: 02/14/2019 07:11 PM
M$: If you have game problem I feel bad for you son, I got 73 security issues but DX ain't one.


Liked for style points.


You want the team of IE to resolve issues in DX?


Liked for the second thought scare.

3 pages 1 2 3


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021