Technology, Top News

Patch Tuesday: Microsoft pushes out fixes for 56 flaws in Adobe Flash, Office

MICROSOFT HAVE SPEWED OUT new patches for an estimated 56 vulnerabilities, including fixes for Adobe Flash and Office applications, in its latest Patch Tuesday bundle of bug and security fixes. 

In total, 16 flaws labelled as “critical” have been patched. 

Published as part of the January 2018 Patch Tuesday security updates, these fixes coincide with the Meltdown and Spectre flaws, which became public last week.

The company has just released an out-of-band security update, which aims to fix vulnerabilities associated with Meltdown, the chip architecture flaw affecting almost all Intel CPUs made since 1995. Microsoft issued the fix as an “emergency” update.

However, that fix can brick PCs running AMD Athlon CPUs because, Microsoft claims, the documentation AMD supplied was incorrect. Making the issue more serious, though, Microsoft neglected to include a restore point in the update process, meaning that users cannot roll-back the update. 

Among the notable updates in Patch Tuesday is a fix to a zero-day vulnerability identified in Microsoft Office and WordPad applications. 

According to Microsoft, the flaw (CVE-2018-0802) is a memory corruption issue that enables attackers to perpetrate remote code execution on targeted PCs. The flaw hides in the Microsoft Office Equation Editor component.

To fix the zero-day flaw, the firm has tweaked the Equation Editor’s design.

It has also fixed a Mailspoilt vulnerability in the Mac version of Outlook. Codenamed CVE-2018-0819, the flaw allowed attackers to spoof email identifies.

There are several Adobe Flash updates. In total, Microsoft has patched bugs across Edge, Windows, Office, Web Apps, SQL Server and ChakraCore.

Commenting on the patches, Ivanti’s Chris Goetti said: “Microsoft started Patch Tuesday a little early this month by releasing the operating system updates last week.

“These additions brings Microsoft’s January patch updates to a total of about 55 vulnerabilities (CVEs). This includes four CVEs that have been publicly disclosed and one CVE detected in exploits in the wild”. µ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend