Patch Tuesday addresses more than 60 security flaws

Apr 11, 2018 04:58 GMT

Microsoft has released this month’s Patch Tuesday updates to address security vulnerabilities in a wide array of products, starting with Windows and ending with Internet Explorer and Microsoft Edge.

A total of 65 flaws in Microsoft software are being fixed this month, and no fewer than 22 of them are rated as critical. The software giant says it’s not aware of any attacks happening in the wild, but it reminds users that it’s important for everyone to install updates as soon as possible.

The critical updates target Windows, Office, and several other products, with one public disclosure for SharePoint Server. Described in CVE-2018-1034, this vulnerability can allow an attacker to gain the same rights as the logged-in user.

“An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server,” Microsoft says.

Flash Player patches included

There’s also a vulnerability in the Windows kernel that allows for elevation of privilege, and Microsoft says that it’s not aware of any public exploits either. Attackers exploiting this flaw can take full control of the system, and affected Windows versions include 64-bit versions of Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1.

“An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company explains.

As with the typical Patch Tuesday rollout, there are also Flash Player patches released by Adobe, which are part of the pack shipped to Windows users. Flash Player is built into Internet Explorer 11 and Microsoft Edge by default, and its vulnerabilities are addressed via Windows Update.