Microsoft fixes critical remote code execution flaw with latest security patch

A new set of security patches released by Microsoft on 13th March was among the most comprehensive ones, fixing issues in various critical programmes like Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Office Services and Web Apps.

Microsoft also announced that from May, it will stop offering security and quality updates for Windows 10 version 1507 and urged all users of the version to upgrade their systems to the latest version of Windows.

Via a blog post on Tuesday, Microsoft announced the release of a series of security patches for critical Windows 10 programmes like Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore and Adobe Flash.

According to Microsoft, the delta package will bring in security patches for Windows 10 version 1607 and newer, and other updates will also be available for older versions of the operating system like Windows RT 8.1 and Microsoft Office RT software, but these will be available via the Windows Update feature.

“After May 9, 2018, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10,” the Redmond-based software giant added.

Fix for remote code execution vulnerability

Perhaps the most important security patch introduced by Microsoft this month is one that fixes a code execution vulnerability in the Credential Security Support Provider protocol (CredSSP). According to Microsoft, the vulnerability could allow an attacker with MitM capabilities to gain full access to a Remote Desktop Protocol session.

Microsoft, which tracks the vulnerability as CVE-2018-0886, said that to be fully protected against it, users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems.

Back in August last year, Microsoft introduced patches for as many as 48 security vulnerabilities across multiple Microsoft products including the Edge browser, SQL Server, Adobe Flash Player, Internet Explorer and Microsoft Windows.

Aside from fixing previously-known vulnerabilities such as CVE-2017-8633 (Privilege Escalation with Windows Error Reporting) as well as CVE-2017-8620 (Windows Search Remote Code Execution Vulnerability), the patches also, for the first time ever, fixed security vulnerabilities on the Linux subsystem under Windows.

Copyright Lyonsdown Limited 2021
