{"id":12232,"date":"2018-05-08T13:17:02","date_gmt":"2018-05-08T21:17:02","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/05\/08\/news-6001\/"},"modified":"2018-05-08T13:17:02","modified_gmt":"2018-05-08T21:17:02","slug":"news-6001","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/05\/08\/news-6001\/","title":{"rendered":"Microsoft Patch Tuesday, May 2018 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Tue, 08 May 2018 20:38:16 +0000<\/strong><\/p>\n

Microsoft<\/strong> today released a bundle of security updates to fix at least 67 holes in its various Windows<\/strong> operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe<\/strong> has a new Flash Player<\/strong> update that addresses a single but critical security weakness.<\/p>\n

\"\"First, the Flash Tuesday update<\/a>, which brings Flash Player to v.\u00a029.0.0.171<\/em>. Some (present company included) would that Flash Player is itself “a single but critical security weakness.” Nevertheless, Google Chrome<\/strong> and Internet Explorer\/Edge<\/strong> ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.<\/p>\n

You can check if your browser has Flash installed\/enabled and what version it’s at by pointing your browser at\u00a0this link<\/a>. Adobe is\u00a0phasing out Flash entirely by 2020<\/a>, but most of the major browsers already take steps to hobble Flash. And with good reason: It\u2019s a major security liability.<\/span><\/p>\n

Google Chrome blocks Flash from running on all but a handful of popular sites, and then only after user approval. Disabling Flash in Chrome\u00a0is simple enough. Paste \u201cchrome:\/\/settings\/content<\/a>\u201d into a Chrome browser bar and then select \u201cFlash\u201d from the list of items. By default it should be set to \u201cAsk first\u201d before running Flash, although users also can disable Flash entirely here or whitelist\/blacklist specific sites. If you spot an upward pointing arrow to the right of the address bar in Chrome, that means there’s an update to the browser available, and it’s time to restart Chrome.<\/p>\n

\"\"For Windows users with\u00a0Mozilla Firefox<\/strong>\u00a0installed, the browser prompts users to enable Flash on a per-site basis.<\/p>\n

Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user\u2019s preference on subsequent visits. Microsoft users will need to install this month’s batch of patches to get the latest Flash version for IE\/Edge, where most of the critical updates in this month’s patch batch reside.<\/p>\n

According to security vendor Qualys<\/a>, one Microsoft patch in particular deserves priority over others in organizations that are testing updates before deploying them: CVE-2018-8174<\/strong> involves a problem with the way the Windows scripting engine handles certain objects, and Microsoft says this bug is already being exploited in active attacks.<\/p>\n

Some other useful sources of information on today’s updates include the Zero Day Initiative<\/a> and\u00a0Bleeping Computer<\/a>. And of course there is always the Microsoft Security Update Guide<\/a>.<\/p>\n

As always, please feel free to leave a comment below if you experience any issues applying any of these updates.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Tue, 08 May 2018 20:38:16 +0000<\/strong><\/p>\n

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness. First, the Flash Tuesday update, which brings Flash Player to v.\u00a029.0.0.171. Some (present company included) would argue that Flash Player is in itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer\/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[11414,10699,18334,18335,16888,17395,18336,13457,17220,16936,10525],"class_list":["post-12232","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-adobe","tag-chrome","tag-cve-2018-8174","tag-flash-player-29-0-0-171","tag-latest-warnings","tag-mozilla-firefox","tag-patch-tuesday-may-2018","tag-qualys","tag-security-tools","tag-time-to-patch","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12232"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12232\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12232"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}