769 matches found
December 11, 2018—KB4471318 (Monthly Rollup)
December 11, 2018—KB4471318 Monthly Rollup Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes This...
November 13, 2018—KB4467107 (Monthly Rollup)
November 13, 2018—KB4467107 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4462927 released October 18, 2018 and addresses the following issues: Security updates to Windows App Platform and Frameworks, Windows Graphics,...
October 9, 2018—KB4462929 (Monthly Rollup)
October 9, 2018—KB4462929 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4457134 released September 20, 2018 and addresses the following issues: Security updates to Windows Media Player, Microsoft Graphics Component, Windows...
October 9, 2018—KB4462923 (Monthly Rollup)
October 9, 2018—KB4462923 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4457139 released September 20, 2018 and addresses the following issues: Security updates to Windows Media Player, Windows Graphics, Microsoft Graphics...
June 21, 2018—KB4284842 (Preview of Monthly Rollup)
June 21, 2018—KB4284842 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4284826 released June 12, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates the...
CVE-2018-1000217
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data, or even RCE. Whether this attack is exploitable depends on how the application uses the cJSON library. If application provides network...
August 14, 2018—KB4343900 (Monthly Rollup)
August 14, 2018—KB4343900 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4338821 released July 18, 2018 and addresses the following issues: Provides protections against a new speculative execution side-channel vulnerability...
CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
DEBIAN-CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
Design/Logic Flaw
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
CVE-2018-6556
CVE-2018-6556 affects lxc-user-nic where, when asked to delete a network interface, the code unconditionally opens a user-supplied path. This can let an unprivileged user infer the existence of a path they should not reach and may trigger side effects by opening (read-only) kernel files such as /...
UBUNTU-CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
July 10, 2018—KB4338818 (Monthly Rollup)
July 10, 2018—KB4338818 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4284842 released June 21, 2018 and addresses the following issues: Provides protections for an additional vulnerability involving side-channel speculativ...
Spoof SSDP replies to phish for NTLM hashes: evil-ssdp
This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage. By default, this...
Multiple vulnerabilities in the Application Layer Protocol Inspection component of Cisco microprogrammed network interface devices, which allow attackers to cause service failures.
The multiple vulnerabilities of the Application Layer Protocol Inspection component in Cisco microprogrammed network interfaces are related to resource management errors. Exploiting these vulnerabilities could allow a malicious actor to cause service interruptions by sending large amounts of...