Recently, Microsoft released on of the biggest security updates this year. The update fixes issues with 50 vulnerabilities in its products and 26 in the Flash Player. Patches were split into 14 security notifications, including one for Flash Player; itself. Vulnerabilities with Windows, I.E., Microsoft Edge, Microsoft Exchange, Microsoft Office and Office Web are all being patches with these updates.
Desktop users are recommended to prioritize the updates for Internet Explorer, Edge, Office, Microsoft Graphics Components, OLE Automation for VBScript Scripting Engine, and of course Adobe Flash Player.
Updates come in light of the recent spike in ransomware threats. These vulnerabilities can be exploited to achieve remote code execution by fooling uses to visit malicious websites, and download harmful files.
One of the Explorer and Edge vulnerabilities could have been used as an information disclosure in a chain of exploits.
“Although this vulnerability has not been publicly disclosed, it has been exploited,” Microsoft’s advisory stated.
Microsoft did not tell any more information on the attacks. The Silverlight update should be prioritized as well; instead of just important. Remote Code Execution could result from this vulnerability if it isn’t patched. All updates are trying to address the various classes of threats within each vulnerability, hence the number of updates users have been hit with.
Server Administrators can also benefit from the updates issued by Microsoft. The update for Exchange patches crucial vulnerabilities in Oracle Outside In Technology. OIT is a collection of software developer kits or, SDKs. These can be utilized to extract, scrub, normalize, convert, and view unstructured file formats.
Cisco’s researchers found vulnerabilities in Oracle OIT earlier in the year, saying that they can affect products from multiple vendors like Exchange. Oracle released patches for the flaws in July, and just now has Microsoft imported the fixes officially.
The OIT vulnerabilities are used to achieve Remote Code Execution through malicious emails containing malware filled attachments that are designed just to infect the Exchange server. The Office updates shouldn’t be overlooked either, as it relates to SharePoint Servers 2007, 2010, and 2013. The flaws could allow attackers to take complete control of servers for Word and Excel’s automation service. Director of Vulnerability Labs for Qualys, Amol Sarwate backed up these claims.
Administrators of severs should also take into consideration the Graphics Component updates that affect Windows servers 2008, as well as 2012. If it’s not fixed attackers with a domain user account to create malicious requests for Windows to execute arbitrary code with elevated permissions.
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.