123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

Microsoft Mitigates 34 Security Flaws In Latest Patch Tuesday

Profile Picture
By Author: eccuni
Total Articles: 211
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Microsoft has released 16 security bulletins in the latest Patch Tuesday, which address 34 vulnerabilities. While nine of the bulletins deal with critical vulnerabilities, seven relate to vulnerabilities rated important by the developer. Further, the company has provided an exploitability index, indicating possibility of an exploit for seven of the nine critical bulletins within 30 days. The vulnerabilities may cause remote code execution, denial of service, information disclosure or elevation of privileges. The company has mitigated twelve critical security flaws associated with Internet Explorer (IE). Eleven of those vulnerabilities may cause remote code execution, allowing attackers to gain same privileges on the affected system as that of the user. A user has to visit a specially crafted malicious web page through IE for the attack to be successful. One of the addressed flaws relates to Microsoft’s implementation of Vector Markup Language, and allows remote code execution on visit to a specially crafted malicious web page using IE. This vulnerability does not affect IE 9.

One of the critical vulnerabilities addressed ...
... in the latest security update by Microsoft may cause remote code execution, if attacker uses a client computer to make specific requests on a system, which uses TMG firewall client.

The security update resolves two security flaws in the Distributed File System (DFS), which allow attackers to execute arbitrary code, and gain complete control of a computer system by sending a specially crafted DFS response to a client initiated DFS request. Microsoft has resolved a flaw associated with SMB, which may result in remote code execution if attackers send a specially crafted malicious SMB response to SMB request by a client.


The update mitigates a security flaw in XML editor, which may cause information disclosure if users open a specially crafted web service directory. Attackers may use the disclosed information for launching more sophisticated attack on the target computer. The update resolves a denial of service vulnerability in Windows Server 2008 Hyper-V, and Windows Server 2008 R2 Hyper-V. The developer has also addressed a cross-site scripting vulnerability in Active Directory Certificate Services Web Enrolment. Successful exploitation of the vulnerability may allow attackers to execute arbitrary commands by gaining higher privileges. Microsoft has rated all the above three vulnerabilities as important.

Usually, Microsoft releases security update on second Tuesday of every month. Attackers exploit the time lag between the patch release and their implementation by users. As such, it is crucial to keep track of various security updates issued by developers. Professionals qualified in IT degree programs may allow organizations to identify, prioritize and implement security advisories before their exploitation by attackers. Employees must be aware of password construction, handling sensitive data, document download policy, social engineering threats and dealing with suspicious e-mails. Employees must be restricted from sharing passwords and computer systems. E-learning and online IT degree programs may help employees in understanding and implement safe computing practices.

Data breach incidents in the recent past have highlighted the reactive approach to security. Reactive policy may make organizations vulnerability to security incidents. As such, organizations must evolve proactive approach to deal with security threats. IT professionals must update their technical skills and know-how through participation in security conferences, undertaking online IT courses, and security certifications and enhance their capabilities to deal with various forms of malware, spear phishing, and botnet attacks.

Total Views: 295Word Count: 554See All articles From Author

Add Comment

Computers Articles

1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise Servers
Author: Server Tech Central

2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp

3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing

4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp

5. How To Start Your Website Redesign Project?
Author: brainbell10

6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam

7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp

8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp

9. How To Setup And Create Instagram Ads?
Author: brainbell10

10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap

11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10

12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10

13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp

14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10

15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: