Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,

Patchday: Microsoft fixes 50 vulnerabilities

In many Windows versions, there is a critical gap in the DNS programming interface. Security updates are available.
Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,

On Patchday in June, Microsoft secures Edge, Internet Explorer, Office, and Windows. In total, security updates iron out 50 errors that endanger the security of computers. Eleven vulnerabilities are considered “critical”. Microsoft classifies the patches for the remaining 39 gaps as “important”.

Remote code execution

The most critical gap this month is in the Windows Domain Name System (DNS) DNSAPI.dll. For a successful attack, an attacker only needs to send a prepared DNS response to a vulnerable system via a DNS server. It should then be able to execute malicious code. This affects Windows 7 to 10 and various editions of Windows Server.

A critical gap in Internet Explorer was known in advance, but so far there have been no attacks, according to Microsoft. For a successful attack, a visit to a website specially prepared by attackers should be sufficient. Microsoft warns that the initialization of an attack can also take place via prepared advertising elements that an arbitrary website obtains from an advertising network. If an attack is successful, an attacker should be able to execute malicious code with the rights of the victim. If a victim has admin rights, a computer is considered compromised.

Such memory error gaps also gape in Edge. The attack scenario is similar. Alternatively, attacks should also be possible via manipulated documents that a victim must open.

Attacks on Flash Player

Adobe released an emergency patch for its Flash Player last week. Attackers are currently exploiting a gap and are targeting Windows users. Issue 30.0.0.113 is secured. Under Windows 8.1 and 10, Internet Explorer 11 and Edge automatically receive the latest Flash version.

Important security updates

Other vulnerabilities can be found in various Windows components such as Kernel and Device Guard. If attackers exploit the gaps, they should, among other things, be able to gain access to information that is actually sealed off. Bypassing security mechanisms and obtaining higher user rights is also possible.

Microsoft provides information about the patched vulnerabilities in the Security Update Guide. However, the list is anything but clear. A much better list can be found in the Patchday blog article by Cisco Talos.

Related posts:

Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,
Microsoft Edge is expected to become the world’s second largest desktop browser
Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,
Windows 10 v1809, Microsoft Deploys Cumulative Update KB4464330
Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,
Microsoft launches a patch for Windows that protects WiFi from KRACK
Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,
Windows 10 Fall Creators Update and KB4284819, what’s new?
Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,
Windows 10 Fall Creators Update, Microsoft fixes the “fatal flaw” in its Meltdown patch
Patchday: Microsoft fixes 50 vulnerabilities, Patchday: Microsoft fixes 50 vulnerabilities,
AMD responds to vulnerabilities discovered in Ryzen CPUs

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *