Posts Tagged: CVE-2018-8314


10
Jul 18

Patch Tuesday, July 2018 Edition

Microsoft and Adobe each issued security updates for their products today. Microsoft’s July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat.

According to security firm Qualys, all but two of the “critical” fixes in this round of updates apply to vulnerabilities in Microsoft’s browsers — Internet Explorer and Edge. Critical patches mend software flaws that can be exploited remotely by malicious software or bad guys with little to no help from the user, save for perhaps visiting a Web site or opening a booby-trapped link.

Microsoft also patched dangerous vulnerabilities in its .NET Framework (a Windows development platform required by many third-party programs and commonly found on most versions of Windows), as well as Microsoft Office. With both of these weaknesses, an attacker could trick a victim into opening an email that contained a specially crafted Office document which loads malicious code, says Allan Liska, a threat intelligence analyst at Recorded Future.

One of the more nettlesome features of Windows 10 is the operating system by default decides on its own when to install updates, very often shutting down open programs and restarting your PC in the middle of the night to do so unless you change the defaults.

Not infrequently, Redmond ships updates that end up causing stability issues for some users, and it doesn’t hurt to wait a day or two before seeing if any major problems are reported with new updates before installing them. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. Continue reading →