Microsoft, Intel, and Adobe have announced bundles of scheduled security patches addressing more than 150 CVE-listed flaws, so IT admins can expect a hectic week ahead.

Surprise, surprise, Microsoft has a ton of browser patches

The July Patch Tuesday from Redmond will bring patches for fifty-three separate flaws, twenty-five of them allowing remote code execution attacks.

This includes the usual collection of Edge and Internet Explorer memory corruption bugs that could allow an attacker to plant exploits in a web page and use them to take over a system with the current user's rights.

RCE flaws were also fixed in PowerShell Editor Services (CVE-2018-8327), Visual Studio (CVE-2018-8172), .NET Framework (CVE-2018-8260), SharePoint (CVE-2018-8300), Wireless Display Adaptor (CVE-2018-8306), Skype for Business and Lync (CVE-2018-8311), Access (CVE-2018-8313), and Office (CVE-2018-8281).

Beyond the twenty-five remote code execution bugs, ZDI researcher Dustin Childs says admins will need to pay particular attention to CVE-2018-8319, a security bypass bug in the MSR JavaScript Cryptography Library; CVE-2018-8304, a denial of service in the Windows DNSAPI; and CVE-2018-8310, a tampering flaw in the way Outlook handles attachments in HTML emails, which opens the way for attacks via malicious fonts.

“An attacker exploiting this vulnerability could embed untrusted TrueType fonts into an email,” Childs explained. “Bugs in fonts have been popular since 2013 and have been used in malware attacks in the past. This bug could allow them to spread and possibly even bypass traditional filters.”

Intel kicks off quarterly update campaign

The first edition of Intel's new security update program also went public on Tuesday, with Chipzilla fixing a dozen flaws in its platforms. The Intel update includes a fix for CVE-2017-5704, in addition to the newly detailed Spectre side-channel variant, a flaw that could allow an attacker with local access to pull the BIOS or AMT passwords out of memory.

The various advisories from Chipzilla include:

SA-00159, a condition where EDK 2 untested memory is left unprotected by SMM Page Protection in Tianocore firmware, potentially allowing elevation of privilege and information disclosure.

SA-00158, what Intel describes as an elevation of privilege from insecure handling of certain UEFI variables.

SA-00157, a patch for a denial of service flaw in the bottle.py module in Quartus Prime Pro.

SA-00152, an elevation of privilege flaw from a firmware verification bypass in 4th generation and later Core processors.

SA-00151, a flaw in Quartus that lets an attacker replace the required executable that loads on restart.

SA-00132, an input validation error that could allow denial of service in VTune Amplifier, Advisor, and Inspector.

SA-00130, a denial of service bug in the BMC firmware.

SA-00129, a denial of service flaw caused by an input validation error in the Bleach module of the Intel Distribution for Python (IDP) component.

SA-00118, a patch for an elevation of privilege error in the Converged Security Management Engine.

SA-00114, a flaw in the Optane memory component that left some media using Whole Disk Encryption unencrypted and potentially accessible under specific conditions. Intel doesn't say what those conditions are, but the attacker would need physical access to the storage.

SA-00112, a fix for an elevation of privilege flaw in the Active Management Technology component of CSME.

Enormous Adobe Reader and Acrobat Fixes

Adobe somehow managed this month to find itself tackling roughly twice as many security flaws as Microsoft. Most of the patches came in the form of a giant fix for Reader and Acrobat that covers 104 CVE-listed flaws. Adobe says the vulnerabilities are all rated either critical or important and include both remote code execution and information disclosure vulnerabilities that would be exploited via malicious PDF files.

Flash Player is getting an update for two vulnerabilities, one allowing remote code execution and the other information disclosure. Three more bugs allowing verification bypass were found and fixed in Adobe Connect, while three server-side request forgery flaws were fixed in Adobe Experience Manager.
