Microsoft released security updates under December Patch Tuesday and fixed several vulnerabilities that affected various Microsoft products.
There are 39 vulnerabilities were addressed including the active zero-day vulnerability that could exploit using malware and attackers execute the code in the kernel.
Following Microsoft products are patched in this December security release along with some of the critical security vulnerabilities.
Adobe Flash Player
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
.NET Framework
Microsoft Dynamics NAV
Microsoft Exchange Server
Microsoft Visual Studio
Windows Azure Pack (WAP)
In this case, Microsoft marked 9 vulnerabilities as “critical,” that allow very serious impact and a remote attacker could take over the vulnerable applications and 30 flaws rated as “important”.
CVE-2018-8517, A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application,” . “The vulnerability can be exploited remotely, without authentication.”
Rapid7 reported Internet Explorer (CVE-2018-8631) and Edge (CVE-2018-8624) which considered by Microsoft that most likely to be exploited.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
Mitigating Vulnerability Types & 0-day Threats
Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
The problem of vulnerability fatigue today
Difference between CVSS-specific vulnerability vs risk-based vulnerability
Evaluating vulnerabilities based on the business impact/risk
Automation to reduce alert fatigue and enhance security posture significantly