{"id":10823,"date":"2017-12-12T13:17:01","date_gmt":"2017-12-12T21:17:01","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/12\/news-4595\/"},"modified":"2017-12-12T13:17:01","modified_gmt":"2017-12-12T21:17:01","slug":"news-4595","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/12\/12\/news-4595\/","title":{"rendered":"Patch Tuesday, December 2017 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Tue, 12 Dec 2017 20:57:23 +0000<\/strong><\/p>\n

The final Patch Tuesday of the year is upon us, with Adobe<\/strong> and Microsoft<\/strong> each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows<\/strong>,\u00a0Microsoft Edge<\/strong>, Office<\/strong>, Exchange<\/strong> and its Malware Protection Engine<\/strong>. And of course Adobe’s got another security update available for its\u00a0Flash Player <\/strong>software.<\/p>\n

\"\"The December patch batch addresses more than 30 vulnerabilities in Windows and related software. As per usual, a huge chunk of the updates from Microsoft tackle security problems with the Web browsers built into Windows.<\/p>\n

Also in the batch today is an out-of-band update<\/a> that Microsoft first issued last week to fix a critical issue in its Malware Protection Engine<\/strong>, the component that drives the Windows Defender\/Microsoft Security Essentials<\/strong> embedded in most modern versions of Windows, as well as Microsoft Endpoint Protection<\/strong>, and the Windows Intune Endpoint Protection<\/strong>\u00a0anti-malware system.<\/p>\n

Microsoft was reportedly made aware of the malware protection engine\u00a0bug<\/a>\u00a0by the U.K.’s National Cyber Security Centre<\/strong> (NCSC), a division of the Government Communications Headquarters<\/strong> — the United Kingdom’s main intelligence and security agency. As spooky as that sounds, Microsoft said it is not aware of active attacks exploiting this flaw.<\/span><\/p>\n

Microsoft said the flaw could be exploited via a booby-trapped file that gets scanned by the Windows anti-malware engine, such as an email or document. The issue is fixed in version 1.1.14405.2\u00a0<\/em>of the engine. According to Microsoft, Windows users should already have the latest version because the anti-malware engine updates itself constantly. In any case, for detailed instructions on how to check whether your system has this update installed, see this link<\/a>.<\/p>\n

The Microsoft updates released today are available in one big batch from Windows Update<\/strong>, or automagically via Automatic Updates. If you don’t have Automatic Updates<\/a> enabled, please visit Windows Update sometime soon (click the Start\/Windows button, then type Windows Update).<\/p>\n

\"\"The newest Flash update from Adobe brings the player to v. 28.0.0.126<\/em>\u00a0on Windows, Macintosh, Linux and Chrome OS.\u00a0Windows users who browse the Web with anything other than Internet Explorer may need to apply the Flash patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).<\/p>\n

Chrome and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates and\/or restart the browser to get the latest Flash version). Chrome users may need to restart the browser to install or automatically download the latest version.<\/p>\n

When in doubt, click the vertical three dot icon to the right of the URL bar, select \u201cHelp,\u201d then \u201cAbout Chrome\u201d: If there is an update available, Chrome should install it then. Chrome will replace that three dot icon with an up-arrow inside of a circle when updates are waiting to be installed.<\/p>\n

Standard disclaimer: Because Flash remains such a security risk, I continue to\u00a0encourage readers to remove or hobble Flash Player unless and until it is needed for a specific site or purpose. More on that approach (as well as slightly less radical\u00a0solutions ) can be found in\u00a0A Month Without Adobe Flash Player<\/a>. The short\u00a0version is that you\u00a0can probably get by without Flash installed and not miss it at all.<\/p>\n

For readers still unwilling to cut the cord, there are half-measures that work almost as well. Fortunately,\u00a0disabling Flash in Chrome<\/a>\u00a0is simple enough. Paste \u201cchrome:\/\/settings\/content<\/a>\u201d into a Chrome browser bar and then select \u201cFlash\u201d from the list of items. By default it should be set to \u201cAsk first\u201d before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.<\/p>\n

Another, perhaps less elegant, solution is to keep Flash installed in a browser that you don\u2019t normally use, and then to only use that browser on sites that require it.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Tue, 12 Dec 2017 20:57:23 +0000<\/strong><\/p>\n

The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows,\u00a0Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe’s got another security update available for its\u00a0Flash Player software.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[16937,16938,16939,16936],"class_list":["post-10823","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-flash-player-28-0-0-126","tag-malware-protection-engine-emergency-update","tag-microsoft-patch-tuesday-december-2017","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10823"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10823\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10823"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}