Security Month: October 2018

October 31, 2018 blog, Security News
Another month of 2018 has passed and brought new security updates, that address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server.
Out of 49 flaws patched this month, 12 are rated as critical, 35 are rated as important, one moderate, and one is low in severity (for further details follow the link ).
The-Five-Stages-of-Vulnerability-ManagementThis October has also revealed several vulnerabilities. A new zero-day vulnerability in Windows was made public on Twitter by the same researcher who published an exploit for a bug in the Windows Task Scheduler at the end of August. The vulnerability impacts only the latest Windows versions, as the Data Sharing Service was introduced in Windows 10 (for further details follow the link).

Servers using libssh to implement the Secure Shell (SSH) remote login protocol may be vulnerable to attacks due to the existence of an authentication bypass flaw discovered recently. When authentication is initiated, the server expects a SSH2_MSG_USERAUTH_REQUEST message. However,  an attacker can trick the server into believing authentication was successful by sending it a SSH2_MSG_USERAUTH_SUCCESS message, which is normally only intended for communications from the server to the client (for further details follow the link).

With all this on mind, we advise everyone to keep an eye on security patches and make updates once available, be aware of security flaws that may have a negative effect on yous systems and business processes.