قالب وردپرس درنا توس
Home / Technology / Patch Tuesday, issue November 2019 – Krebs on Security

Patch Tuesday, issue November 2019 – Krebs on Security



Microsoft today released updates to address security vulnerabilities in its software, including patches, to fix at least 74 vulnerabilities in various variants of Windows and programs running on them. The November updates contain patches for a zero-day bug in Internet Explorer that is currently being exploited in the wild, as well as a malicious bug in certain versions of Office for Mac being bypassed Security measures and were publicly announced before today's patches.

More than a dozen issues resolved this month are considered critical, meaning they are vulnerabilities that could be exploited to install malware without the user being required to do so, except perhaps on to surf a hacked or malicious website or to open a file attachment caught with explosives.

Perhaps the most worrying of these critical loopholes is a zero-day bug in Internet Explorer (CVE-201

9-1429), which has been actively used. Today's fixes also address two more critical vulnerabilities in the same Windows component, which handle different scripting languages.

Microsoft has also fixed a bug in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass some of the security protections of the program that could let malicious macros through.

Macros are pieces of computer code that can be embedded in Office files, and malicious macros are commonly used by malware vendors to compromise Windows systems. Typically, this is in the form of a prompt to prompt the user to enable macros once they have opened an Office document contained in emails. Therefore, Office has the "Disable all macros without notification" feature.

However, Microsoft states that all versions of Office support older macros that do not take this setting into account, and that they can be used as macros, a vector for pushing malware. Will Dornan of CERT / CC reports that Office 2016 and 2019 for Mac still prompts the user before running these older macro types, Office for Mac 2011 users, but not before opening to warn .

Other Windows applications or components that receive critical-patch patches today include Microsoft Exchange and Windows Media Player. In addition, Microsoft patched nine security holes-five of which are critical-in the Windows Hyper-V an add-on to the Windows Server operating system (and Windows 10 Pro ) that allows users to create and run virtual machines (other "guest" operating systems) in Windows.

Although Adobe typically releases patches for its Flash Player browser, this is the second month in a row that Adobe has not released security updates for Flash. However, Adobe has today released security updates for a variety of its creative software suites, including Animate, Illustrator, Media Encoder, and Bridge. I also failed to notice last month that Adobe released a critical update for Acrobat / Reader that fixes at least 67 bugs. So if you have any of these products installed, please make sure they are patched and up to date.

Finally, Google recently resolved a zero-day bug in its Chrome Web Browser (CVE-2019-13720). If you use Chrome and see an up arrow to the right of the address bar, an update is pending. When you completely close and restart the browser, all available updates should be installed.

This seems to be a good time to remind all end users of Windows 7 that Microsoft will discontinue the delivery of security updates after January 2020 -life also affects Windows Server 2008 and 2008 R2. While companies and other volume licensing buyers will be able to pay for additional fixes after this time, all other Windows 7 users who wish to stay with Windows must consider migrating to Windows 10 soon. [19659003] Standard Heads-Up: Windows 10 likes to install patches at once and reboot your computer on its own schedule. Microsoft does not make it easy for Windows 10 users to change this setting. This is possible. For all other Windows operating system users, Windows Update has an appropriate setting if you want to be notified of new updates as they become available so you can choose when to install them. To get there, click the Windows key on your keyboard and type "Windows Update" in the box that appears.

Remember that keeping track of Windows patches is a good idea Make sure you do not update until you've backed up your important data and files. A reliable backup means that you probably will not freak out if the strange buggy patch causes problems booting the system. Do yourself a favor and back up your files before installing patches.

If you're having trouble installing these patches this month, you can leave a comment below. There is a good chance that other readers have experienced the same thing and may even have some helpful tips.



Tags: Adobe, CVE-2019-1429, CVE-2019-1457, Zero-Day Internet Explorer, Macros, Microsoft, Office for Mac, Windows 7 End of Life

You can jump to the end and leave a comment. Ping is currently not allowed.


Source link