14 DAY TRIAL // Microsoft has released security updates as part of the October 2018 Patch Tuesday cycle, and this month a total of 49 vulnerabilities are being resolved.
While no less than 33 of these security flaws concern browsers, there are two important vulnerabilities that require prioritizing in October.
First of all, there’s CVE-2018-8453, a zero-day vulnerability in Windows that affects all supported versions of the operating system, both server and client. It allows for elevation of privilege, and Microsoft says it has already been exploited in the wild.
“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the software giant notes.
The good news is that an attacker first needs to log on to the system and only then launch an attack using a crafted application. However, if the attack is successful, a malicious actor can take full control of the targeted system.
Hello, Windows 10 version 1809!
The second vulnerability is CVE-2018-8423 and it was publicly disclosed. It’s an RCE flaw in Microsoft JET Database engine, and also impacts all versions of Windows on the market.
To exploit the vulnerability, attacks need to deploy a crafted Microsoft JET Database Engine file on the target system. This means you should avoid opening files coming from untrusted sources until patching is complete. Microsoft says it hasn’t seen any attacks based on this flaw, so it gave an Important severity rating on all supported Windows versions.
There are no patches for Adobe Flash Player this month, which is kind of surprising, but other than that, Windows 10 users are also getting their typical cumulative updates with both security and non-security fixes. Windows 10 version 1809 (October 2018 Update) also makes its first appearance in Patch Tuesday logs, while Windows 10 version 1703 (Creators Update) is no longer supported starting this month.