10 matches found
Microsoft Fixes 66 Bugs in April Patch Tuesday Release
Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical. Notable is Microsoft’s disclosure of a publicly known SharePoint elevation of privilege bug CVE-2018-1034, rated important, which has no fix but has not been publicly exploited. Microsoft SharePoin...
March 13, 2018—KB4088875 (Monthly Rollup)
March 13, 2018—KB4088875 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4075211 released February 21, 2018 and addresses the following issues: Addresses an issue in which Internet Explorer is unresponsive in certain scenario...
CVE-2018-1038
The CVE-2018-1038 entry affects Windows 7 SP1 and Windows Server 2008 R2 SP1. Root cause: a mis-set bit in a page-table entry allowed userspace to overwrite page tables, enabling local privilege escalation. Documented impact is elevation of privilege with full confidentiality/integrity/availabili...
A “Patch for the Meltdown Patch” released out of band Thursday night
The Meltdown/Spectre saga continues… Late Thursday, Microsoft released a patch for Windows 7 and Server 2008 R2 operating systems to resolve CVE-2018-1038. Apparently, this vulnerability was actually introduced by the patches released in January to mitigate the effects of Meltdown. Microsoft did...
Microsoft Fixes Bad Patch That Left Win7, Server 2008 Open to Attack
Microsoft released an out-of-band fix on Thursday for a Windows vulnerability introduced earlier this year as a patch. If exploited, the bug could allow an authenticated attacker to install programs, access stored data or create new accounts with full user rights on Windows 7 and Server 2008 R2...
KLA11219 PE vulnerability in Microsoft Products (ESU)
PE vulnerability was found in Microsoft Products Extended Support Update. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2018-1038 Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is...
Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed
Overview When the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Description The update that Microsoft has released for meltdown on x...
February 13, 2018—KB4074598 (Monthly Rollup)
February 13, 2018—KB4074598 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4057400 released January 19, 2018 and addresses the following issues: Addresses issue with editing input fields in some applications in Internet...
February 13, 2018—KB4074587 (Security-only update)
February 13, 2018—KB4074587 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Security updates to Windows Graphics, Windows Kernel, Common Log File System drive...
January 4, 2018—KB4056894 (Monthly Rollup)
January 4, 2018—KB4056894 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4054518 released December 12, 2017 and addresses the following issues: Security updates to Windows SMB Server, Windows Kernel, Microsoft Graphics...