{"id":12557,"date":"2018-06-12T13:17:01","date_gmt":"2018-06-12T21:17:01","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/06\/12\/news-6326\/"},"modified":"2018-06-12T13:17:01","modified_gmt":"2018-06-12T21:17:01","slug":"news-6326","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/06\/12\/news-6326\/","title":{"rendered":"Microsoft Patch Tuesday, June 2018 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Tue, 12 Jun 2018 21:04:05 +0000<\/strong><\/p>\n

Microsoft<\/strong> today pushed out a bevy of software updates to fix more than four dozen security holes in Windows<\/strong> and related software. Almost a quarter of the vulnerabilities addressed in this month’s patch batch earned Microsoft’s “critical” rating, meaning malware or miscreants can exploit the flaws to break into vulnerable systems without any help from users.<\/p>\n

\"\"Most of the critical fixes are in Microsoft browsers or browser components. One of the flaws, CVE-2018-8267<\/a>, was publicly disclosed prior to today’s patch release, meaning attackers may have had a head start figuring out how to exploit the bug to attack Internet Explorer<\/strong>\u00a0users.<\/p>\n

According to Recorded Future<\/a>, the most important patched vulnerability is a remote code execution vulnerability in the Windows Domain Name System (DNS), which is present in all versions of supported versions of Windows from Windows 7<\/strong> to Windows 10<\/strong> as well as all versions of Windows Server from 2008 to 2016.<\/p>\n

“The vulnerability allows an attacker to send a maliciously crafted DNS packet to the victim machine from a DNS server, or even send spoofed DNS responses from attack box,” wrote\u00a0Allan Liska<\/strong>, a threat intelligence analyst at Recorded Future. “Successful exploitation of this vulnerability could allow an attacker to take control of the target machine.”<\/p>\n

Security vendor Qualys<\/strong> says<\/a> mobile workstations that may connect to untrusted Wi-Fi networks are at high risk and this DNS patch should be a priority for them. Qualys also notes that Microsoft this month is shipping updates to mitigate another variant of the Spectre vulnerability<\/a>\u00a0in Intel machines.<\/p>\n

And of course there are updates available to address the Adobe Flash Player<\/strong> vulnerability that is already being exploited in active attacks. Read more on that here<\/a>.<\/span><\/p>\n

It’s a good idea to get in the habit of backing up your computer before applying monthly updates from Microsoft. Windows has some built-in tools that can help recover from bad patches, but restoring the system to a backup image taken just before installing the updates is often much less hassle and an added piece of mind when you’re sitting there praying for the machine to reboot after patching.<\/p>\n

This assumes you can get around to backing up before Microsoft decides to patch Windows on your behalf. Microsoft says by default, Windows 10 receives updates automatically, \u201cand for customers running previous versions, we recommend they\u00a0turn on automatic updates<\/a>\u00a0as a best practice.\u201d Microsoft doesn\u2019t make it easy for Windows 10 users to change this setting, but\u00a0it is possible<\/a>.<\/p>\n

For all other Windows OS users, if you\u2019d rather be alerted to new updates when they\u2019re available so you can choose when to install them, there\u2019s a setting for that in\u00a0Windows Update<\/strong>.<\/p>\n

As always, if you experience any problems installing any of these updates, please leave a note about your issues in the comments below.<\/p>\n

Additional reading:<\/p>\n

Cisco Talos Intelligence blog take<\/a><\/p>\n

The Zero Day Initiative’s Security Update Review<\/a><\/p>\n

SANS Internet Storm Center<\/a><\/p>\n

Microsoft Security Update Guide<\/a><\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Tue, 12 Jun 2018 21:04:05 +0000<\/strong><\/p>\n

Microsoft today pushed out a bevy of software updates to fix more than four dozen security holes in Windows and related software. Almost a quarter of the vulnerabilities addressed in this month’s patch batch earned Microsoft’s “critical” rating, meaning malware or miscreants can exploit the flaws to break into vulnerable systems without any help from users.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[18664,18720,18721,18722,13457,11753,16936],"class_list":["post-12557","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-adobe-flash-player-zero-day","tag-allan-liska","tag-cve-2018-8267","tag-microsoft-patch-tuesday-june-2018","tag-qualys","tag-recorded-future","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12557","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12557"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12557\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12557"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}