Microsoft fixes critical flaw affecting every version of Windows

By -

Summary: The software giant said the flaws could allow an attacker to remotely run malware if a user opens specially crafted media content that's hosted on a website.
The vulnerabilities in how Windows handles media files could allow an attacker to remotely run malware.


This month's bumper release of security patches has one bulletin that affects every supported version of Windows.

Microsoft said on its regularly scheduled Patch Tuesday that users on Windows Vista and later -- including Windows 10 -- should patch as soon as possible to prevent attackers from exploiting a flaw in how the operating system handles media files.

The "critical" bulletin (MS16-027) patches an issue that could allow an attacker to remotely execute code or malware as the logged-in user. Those who are logged in as an administrator are at the greatest risk. An attacker would have to trick a user into opening a specially-crafted media file, which would let the attacker take control of the entire system.

The good news is that Microsoft said the flaw was privately reported and is not thought to have been actively exploited in the wild by malicious actors.

Microsoft also released four other critical flaws affecting Windows, including cumulative patches to Internet Explorer (MS16-023) and its newer browser, Microsoft Edge for Windows 10 (MS16-024).
The other two bulletins include:

  1. MS16-026 addresses a series of flaws in how Windows handles certain fonts. If an attacker either tricks a user to open a specially crafted document, or to visit a website that contains specially crafted embedded OpenType fonts, which could lead to a denial of service attack.
  2. MS16-028 fixes a number of vulnerabilities that would allow an attacker to take control of an an affected system. The patch addresses the flaws by modifying how Windows handles PDF files.Neither flaws are thought to have been exploited in the wild.
A number of other "important" patches -- MS16-025, and MS16-029 through MS16-035 -- fix an array of issues, such as address elevation of privileges and security feature bypasses.

March patches will be available through the usual update channels.

Comments

Post a Comment

Popular Posts

Hacker steals data of millions of Bulgarians, emails it to local media

By -
Image
  Source of the data breach appears to be the country's National Revenue Agency A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications. The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. In a  message posted on its website  on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack. "We are currently verifying whether the data is real," said the NRA. Hours after this article's publication, the Bulgarian Ministry of the Interior  confirmed the hack . HACKER STOLE 110 DATABASES, LEAKED 57 According to reports from local media [ 1 ,  2 ,  3 ,  4 ,  5 ], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total populatio
Read more

​Linux totally dominates supercomputers

By -
Image
It finally happened. Today, all 500 of the world's top 500 supercomputers are running Linux. Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list . Today it finally happened:  All 500 of the world's fastest supercomputers are running Linux . The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the  November 2017 TOP500 Supercomputer list . Overall, China now leads the supercomputing race with 202 computers to the US' 144. China also leads the US in aggregate performance. China's supercomputers represent 35.4 percent of the Top500's flops, while the US trails with 29.6 percent. With an anti-science regime in charge of the government, America will only continue to see its technological lead decline. When the  first Top500 supercomputer list was compiled in June 1993 , Linux was barely more than a toy. It hadn't even adopted Tux as its masc
Read more

Microsoft tries to stem its self-made collaboration-tool confusion

By -
Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t
Read more