Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.
There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.
Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.
In this Microsoft released security update also fixed 8 years old remote code execution bug that affected Exchange Server is the resurfacing of a vulnerability that discovered in 2010.
Some of the following remote code execution flows that reported in public also fixed in this security updates.
CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
CVE-2018-8531, a remote code execution flaw in Azure IoT device client.
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
Mitigating Vulnerability Types & 0-day Threats
Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
The problem of vulnerability fatigue today
Difference between CVSS-specific vulnerability vs risk-based vulnerability
Evaluating vulnerabilities based on the business impact/risk
Automation to reduce alert fatigue and enhance security posture significantly