In Brief
You should non fille this month’s Patch Updates, every bit it brings fixes for critical issues inward Adobe Flash Player, iOS, Xcode, the Apple Watch, Windows, Internet Explorer, in addition to the Edge browser.Adobe has rolled out a critical update to address several issues, most of which are Remote Code Execution flaws, inward its widely-used Adobe Flash Player for Windows, Macintosh, Linux in addition to ChromeOS. Whereas, Microsoft has released fourteen safety updates to produce a amount of 50 vulnerabilities inward Windows in addition to related software.
First of all, if yous get got Adobe Flash Player installed in addition to get got non silent updated your software plugin, yous are playing amongst fire.
Critical Flash Vulnerabilities Affect Windows, Mac, Linux in addition to ChromeOS
Adobe has released its latest circular of safety patches to address critical vulnerabilities inward Adobe Flash Player for Windows, Mac OS X, Linux in addition to ChromeOS.
The Flash vulnerabilities could potentially allow an aggressor to accept command of the vulnerable system. So, users are strongly advised to update to Flash Player version 23.0.0.162 earlier hackers get got their hands on it.
However, the best advice I tin give yous is to ditch this insecure, buggy software 1 time in addition to for all in addition to significantly better the safety of your scheme inward the process.
Even PornHub said Good Bye to Flash Player, then it's no longer an excuse for yous to proceed Flash on your PC ;)
Meanwhile, Microsoft has released its September 2016 Patch Update that includes fourteen bulletins, 7 of which earned its most dire "critical" rating in addition to 7 are rated every bit "important," addressing a amount of 50 vulnerabilities.
Critical Zero-Day Exploit inward the Wild
The most critical vulnerability addressed past times Microsoft inward the MS16-104 in addition to MS16-105 update is a zero-day vulnerability inward Internet Explorer (IE) in addition to Edge.
Dubbed Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3351), the zero-day flaw could allow an aggressor to perform remote code execution attacks past times tricking a victim to sentiment a peculiarly crafted webpage using Internet Explorer or Edge.
If exploited successfully, the aggressor would make the same user rights every bit the electrical flow user in addition to could accept command of an affected system, if the victim is logged on amongst administrative user rights, potentially allowing the aggressor to install malware, modify or delete data, or fifty-fifty produce novel accounts amongst amount user rights.
This informational disclosure põrnikas was start reported past times Proofpoint researchers amongst the assist of Trend Micro inward 2015, when they uncovered a massive malvertising campaign, dubbed AdGholas, actively exploiting the CVE-2016-3351 flaw.
The researchers every bit good establish roughly other hacking grouping named GooNky actively exploiting the flaw. For in-depth details almost the flaw, yous tin caput on to Proofpoint's weblog post.
Another critical bulletin MS16-108 affecting organizations using Exchange Server for their electronic mail platform addresses a file format parsing flaw that could move exploited past times attackers using remote-code execution to expire amount command of the Exchange Server. This flaw affects all supported versions of Exchange Server.
To exploit the flaw, all an aggressor needs is to shipping a malicious file to anyone inward the organisation in addition to Boom! Exchange Server pre-parses to uncovering out the file type, which would expire the malicious exploit triggered earlier users fifty-fifty expire the file.
Other Critical in addition to Important flaws inward Windows in addition to its Software
Other critical Bulletins include MS16-106 that fixes 5 holes inward the Windows Graphics Device Interface; MS16-107 that contains patches for Microsoft Office in addition to SharePoint to address a amount of xiii vulnerabilities; MS16-116 that fixes a RCE flaw inward Microsoft OLE Automation machinery in addition to the VBScript Scripting Engine; in addition to MS16-117 that includes critical fixes for Adobe Flash libraries contained inward Internet Explorer 10 in addition to eleven in addition to Microsoft Edge.
Note: The MS16-11 produce requires users to start apply the Internet Explorer update (MS16-104) inward gild to move effective.
Important Bulletins include fixes for RCE flaws inward Windows, SMBv1 Server in addition to Silverlight; tiptop of privilege flaws inward the Windows Kernel in addition to Windows Lock Screen; an information disclosure põrnikas inward the Windows Secure Kernel Mode; in addition to a dyad of information disclosure vulnerabilities inward Windows PDF Library.
Users are advised to apply Windows every bit good every bit Adobe patches to proceed away hackers in addition to cybercriminals from taking command over your computer.
Microsoft Ends Tuesday Patches Trend
The September Patch Update was the concluding traditional Windows Patch Tuesday every bit the tech giant is moving to a novel patching unloose model.
The future land updates volition bundle all patches together, in addition to yous volition no longer move able to pick out which updates to install. The whole bundle of patches volition move installed altogether, which volition larn out no jeopardy for hackers to target vulnerabilities for which patches are already released.
In addition, the novel "Monthly Rollup" volition move combined in addition to delivered to the users. Like the Nov land update volition every bit good include all the patches from October.
