Microsoft Issues Nine Patches for 37 Bugs
Microsoft has issued nine patches for 37 issues in Windows, Office, SQL Server, Net Framework and SharePoint Server, according to the company`s August security bulletin.
The advisory patches fix severe vulnerabilities such as remote code execution, privilege escalation and security feature bypass.
“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” the IE security update (MS14-051) said. “An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”
There are 26 patched Internet Explorer flaws in total, ranging from IE 6 to IE 11, as only one was disclosed and 25 others undisclosed.
Another remote code execution flaw was found in Windows Media Center that could allow an attacker to gain the same rights as the affected user.
.NET Framework didn’t escape the patching this time, as a security bypass vulnerability was found and its details are undisclosed. An attacker could bypass the Address Space Layout Randomization (ASLR) via a specially crafted website.
“The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code,” said the MS14-046 security bulletin.
The last critical vulnerabilities are privilege escalation flaws found in the Kernel-Mode Drivers. The exploit could allow an attacker to escalate privileges if he “logs on to the system and runs a specially crafted application.” This time the attacker “must have valid logon credentials and be able to log on locally” to exploit it.
Microsoft Windows users are advised to apply the latest update for their own security. These patched vulnerabilities are rated as severe and their exploitation could be damaging.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 23, 2021
July 22, 2021
July 20, 2021