Jump to content

Windows 10 WARNING: Microsoft fixes THESE major issues with latest patch


The AchieVer

Recommended Posts

 

Windows 10

 

Windows 10 users are being warned about some big issues in the Microsoft OS that attackers can take advantage of.

Windows 10 is one of the most popular operating systems in the world and is closing in on top spot.

Ever since it was released Windows 10 has been playing catch-up to get on par with the user base of Microsoft’s ageing Windows 7 software.

But now Windows 10 is at a crossing point with Windows 7.

 

Latest stats from NetMarketShare show last month Windows 10 had a 38.14 per cent chunk of the desktop OS share.

This is just a whisker behind Windows 7 on 38.89 per cent.

And now Windows 10’s huge user base has been put on alert about newly discovered vulnerabilities in the software.

Almost 40 vulnerabilities in Windows 10 have been discovered including one zero-day security flaw that was being exploited by hackers.

The latter was discovered by Kaspersky and it allowed hackers to carry out a full remote command execution exploit.

Thankfully, Microsoft has now fixed these 39 issues with their latest patch Tuesday release.

Speaking about the security risk, Kaspersky said: “In October 2018, our AEP (Automatic Exploit Prevention) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system.

“Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018.”

Windows 10

 
 
 
 
Windows 10 is one of the most popular operating systems in the world (Image: MICROSOFT)

The security experts added: “This is the third consecutive exploited Local Privilege Escalation vulnerability in Windows we discovered this autumn using our technologies.

“Unlike the previously reported vulnerabilities in win32k.sys (CVE-2018-8589 and CVE-2018-8453), CVE-2018-8611 is an especially dangerous threat – a vulnerability in the Kernel Transaction Manager driver.

“It can also be used to escape the sandbox in modern web browsers, including Chrome and Edge, since syscall filtering mitigations do not apply to ntoskrnl.exe system calls.

“Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat.”

 

Windows 10

 
 
 
 
Windows 10 fans have been put on alert about almost 40 vulnerabilities (Image: MICROSOFT)

Windows 10

 
 
 
 
 
 
Windows 10 fans need to download the latest patches to fix the issues (Image: MICROSOFT)

While Chris Goettl, Director of Product Management, Security at Ivanti, added: “Microsoft has resolved a publicly disclosed vulnerability in .Net Framework (CVE-2018-8517) that could allow a denial-of-service in .Net Framework web applications.

“The vulnerability can be exploited remotely without authentication by issuing a specially crafted request to the vulnerable application.

“The vulnerability is rated as Important likely due to complexity to exploit, but it has been publicly disclosed, meaning enough information has been revealed to the public to give a threat actor a head start on creating an exploit to take advantage of the vulnerability.

“Public disclosures increase the odds a vulnerability will be exploited.”

Full details on the Microsoft December 2018 security updates can be found by clicking here.

 

 

Source

 

Link to comment
Share on other sites


  • Views 641
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...