{"id":11475,"date":"2018-02-13T16:17:23","date_gmt":"2018-02-14T00:17:23","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/13\/news-5246\/"},"modified":"2018-02-13T16:17:23","modified_gmt":"2018-02-14T00:17:23","slug":"news-5246","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/13\/news-5246\/","title":{"rendered":"Microsoft Patch Tuesday, February 2018 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Tue, 13 Feb 2018 21:13:27 +0000<\/strong><\/p>\n

Microsoft<\/strong> today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows<\/strong>, Internet Explorer<\/strong>\/Edge<\/strong>, Microsoft Office<\/strong> and Adobe Flash Player<\/strong>, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.<\/p>\n

\"\"February’s Patch Tuesday batch includes fixes for at least 55 security holes. Some of the scarier bugs include vulnerabilities in Microsoft Outlook<\/strong>, Edge and Office that could let bad guys or bad code into your Windows system just by getting you to click on a booby trapped link, document or visit a compromised\/hacked Web page.<\/p>\n

As per usual, the SANS Internet Storm Center<\/strong> has a handy rundown<\/a> on the individual flaws, neatly indexing them by severity rating, exploitability and whether the problems have been publicly disclosed or exploited.<\/span><\/p>\n

One of the updates addresses a pair of serious vulnerabilities in Adobe Flash Player (which ships with the latest version of Internet Explorer\/Edge). As KrebsOnSecurity warned last week<\/a>, there are active attacks ongoing against these Flash vulnerabilities.<\/p>\n

\"\"Adobe is phasing out Flash entirely by 2020, but most of the major browsers already take steps to hobble Flash. And with good reason: It’s a major security liability. Chrome also bundles Flash, but blocks it from running on all but a handful of popular sites, and then only after user approval.<\/p>\n

For Windows users with Mozilla Firefox installed, the browser prompts users to enable Flash on a per-site basis.\u00a0Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user\u2019s preference on subsequent visits.<\/p>\n

The latest standalone version<\/a> of Flash that addresses these bugs is 28.0.0.161<\/em> for Windows, Mac, Linux and Chrome OS. But most users probably would be better off manually hobbling or removing Flash altogether, since so few sites actually require it still. Disabling Flash in Chrome\u00a0is simple enough. Paste \u201cchrome:\/\/settings\/content<\/a>\u201d into a Chrome browser bar and then select \u201cFlash\u201d from the list of items. By default it should be set to \u201cAsk first\u201d before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.<\/p>\n

People running Adobe Reader<\/strong> or Acrobat<\/strong> also need to update, as Adobe has shipped new versions of these products that fix at least 39 security holes<\/a>. Adobe Reader users should know there are alternative PDF readers that aren’t so bloated or full of security issues. Sumatra PDF<\/a> is a good, lightweight alternative.<\/p>\n

Experience any issues, glitches or problems installing these updates? Sound off about it in the comments below.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Tue, 13 Feb 2018 21:13:27 +0000<\/strong><\/p>\n

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer\/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[17523,17524,11427,17525,3495,17395,15801,16936],"class_list":["post-11475","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-adobe-flash-zero-day","tag-flash-player-update","tag-google-chrome","tag-microsoft-patch-tuesday-february-2018","tag-microsoft-windows","tag-mozilla-firefox","tag-sans-internet-storm-center","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11475"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11475\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11475"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}