Patches out for critical flaws in Windows, Firefox, Flash and Acrobat – CSO

Microsoft has released fixes for 25 critical flaws, including one that’s likely to be used in malware. 

Microsoft’s August update addresses a total of 48 flaws, more than half of which are critical remote code execution flaws. The bugs impact Microsoft’s Edge and Internet Explorer, Windows PDF, Windows Search, SharePoint, and Microsoft’s new Windows Subsystem for Linux. There are also updates for Adobe’s Flash Player plugin in Microsoft’s browsers.

Microsoft’s JavaScript browser engine for Edge, known as Chakra, got a lot of attention in this update. Cisco’s Talos unit notes 17 of the 25 critical vulnerabilities affect the JavaScript engine, which can be exploited if a user visits a page with malicious JavaScript code. Six of them were reported by Google’s Project Zero researchers.

Trend Micro’s ZDI though reckons a Windows Search flaw, tagged as CVE-2017-8620, is “by far the most critical bug” this month, in part due to its similarity to a past Search flaw that was attacked. The bug will be attractive to malware authors for its wormable potential. 

“An attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer,” Trend Micro notes, adding that admins should disable the SMBv1 file-sharing protocol. 
