“Adobe also released updates for Acrobat, Reader and Shockwave. Flash needs to be updated on the OS and in each of the major browsers, so there are really four updates necessary to fully resolve these vulnerabilities,” said Goettl. On that note, Adobe has patched the two remaining Flash bugs exposed in the Hacking Team data dump.
WINDOWS SERVER 2003 CRITICAL UPDATES LIST DRIVER
This important update, fixing RCE flaws in SQL Server, should be thoroughly tested first, he recommended.Īlso noteworthy is MS-15-073, which fixes several elevation-of-privilege flaws in the Windows Kernel-Mode Driver including one which was exploited by Hacking Team. MS15-058 on the other hand, was left over from last month.
WINDOWS SERVER 2003 CRITICAL UPDATES LIST UPDATE
Others worth noting are MS15-070, an ‘important’ update which addresses eight flaws in Office allowing for RCE, one of which has been used in targeted attacks and so must be patched straightaway, according to Shavlik product manager, Chris Goettl. Because this vulnerability does not rely on a particular product or service and it spans many Windows releases, it makes it a tempting target for attackers that can tee it up correctly.” “If a victim can be convinced to plant a malicious and untrusted dll in a certain location and then run an executable, the untrusted dll may be loaded and the attacker may gain control of the victim’s system. “These vulnerabilities are much more general and applicable, but require a bit of setup on the part of the attacker,” explained Core Security principal software engineer, Jon Rudolph. Rounding out the critical updates is MS15-068, which addresses two vulnerabilities in Windows Server Hyper-V which could allow RCE.
The four critical updates include a patch for Internet Explorer (MS15-065) which covers a whopping 29 vulnerabilities including remote code execution flaws.Īlso high on the list for IT admins should be MS15-066, which patches a vulnerability in the VBScript Scripting Engine which could also allow remote code execution (RCE), and MS15-067, which patches an RCE flaw in the Remote Desktop Protocol.
Microsoft has used the last Patch Tuesday for the now unsupported Windows Server 2003 to hit sysadmins with a hefty workload of 14 bulletins – four of them critical – patching 59 vulnerabilities.
0 kommentar(er)
