In the Windows Update already appeared latest updates issued under the security bulletins scheduled for February. They corporation patch vulnerabilities in their applications and services, as well as improves the errors associated with their operation. Unfortunately, in some cases, caused problems with the latest patches.
In February Microsoft released a total of 9 bulletins that fix 56 separate vulnerabilities and security holes in Windows, consumer and server versions, as well as different versions of Office. Three of them were identified as critical and it is recommended to install them as soon as possible. The first of these, MS15-009 is a cumulative patch package for Internet Explorer repairing 40 vulnerabilities in it. The most serious of them allow an attacker to remotely execute code and gain the same rights which is currently employed by the user. Computers are used where limited account are less vulnerable to the adverse effects of this attack – this situation well shows that when there is no need, we should not use administrative accounts.
Another patch marked MS15- 010 fixes five bugs in Windows, it is marked as critical for Windows 7 and higher, and as important for Vista, and Windows Server 2003 and 2008. Also in this case, about the possibility of remote code execution. To attack occurs by opening specially crafted document, or visiting a compromised page containing embedded TrueType fonts. The last of the critical updates, MS15-011, also patch a bug in Windows. If an attacker convinces a user working in a domain to connect to the network controlled by him, will be able to take advantage of the hole and remotely execute malicious code. The patch improves the group policy configuration and makes it impossible to carry out such an attack.
Other patches MS15-012 to MS15-017 from concern minor security problems in various Microsoft software: some of them refers to the Office, others are associated with Microsoft Graphics Component. Most of them allow remote code execution, as we can see, it is the largest safety-related affliction most components as a system, as well as additional programs.
Other security patches have been prepared for patching Flash Player for Internet Explorer in Windows 8.1, and also allow you to disable support for SSL 3.0 fallback in this browser. This mechanism allows the switch to SSL in the situation if it was impossible to establish a connection using TLS. Currently, such action can disable protected mode in Internet Explorer, in order to better protect against attack POODLE. Non-safety related amendments are designed to improve performance and software compatibility. They also fix bugs, and one of them turns on the automatic update to Windows 8 Release 8.1.
Unfortunately, one of the update causes problems. Kosher KB 3001652 is a cumulative update package for Visual Studio 2010 Tools for Office Runtime. Many users have reported problems associated with it: when you try to install a computer “locks in” and salvation was only the restart, and thus, the effects of the loss of work. Fortunately, the patch has already been withdrawn, this time Microsoft’s response to the report was therefore very fast and the most correct. We hope that the patch again soon appear on Windows Update, except that the revised, as the non-problems.
No comments:
Post a Comment