{"id":13823,"date":"2018-11-14T07:17:01","date_gmt":"2018-11-14T15:17:01","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/11\/14\/news-7590\/"},"modified":"2018-11-14T07:17:01","modified_gmt":"2018-11-14T15:17:01","slug":"news-7590","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/11\/14\/news-7590\/","title":{"rendered":"Patch Tuesday, November 2018 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Wed, 14 Nov 2018 13:25:13 +0000<\/strong><\/p>\n

Microsoft<\/strong> on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows<\/strong> and other Microsoft products. Adobe<\/strong>\u00a0also has security patches available for Flash Player<\/strong>, Acrobat<\/strong> and Reader<\/strong> users.<\/p>\n

\"\"As per usual, most of the critical flaws — those that can be exploited by malware or miscreants without any help from users — reside in Microsoft’s Web browsers Edge<\/strong> and Internet Explorer<\/strong>.<\/p>\n

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability (CVE-2018-8589<\/a>) that is already being exploited to compromise\u00a0Windows 7<\/strong> and Server 2008<\/strong> systems.<\/p>\n

The other is a publicly disclosed bug in Microsoft’s Bitlocker<\/strong> encryption technology (CVE-2018-8566<\/a>) that could allow an attacker to get access to encrypted data. One mitigating factor with both security holes is that the attacker would need to be already logged in to the targeted system to exploit them.<\/p>\n

Of course, if the target has Adobe Reader or Acrobat installed, it might be easier for attackers to achieve that log in. According to analysis<\/a> from security vendor Qualys<\/strong>, there is now code publicly available that could force these two products to leak a hash of the user’s Windows password (which could then be cracked with open-source tools). A new update<\/a> for Acrobat\/Reader fixes this bug, and Adobe has published some mitigation suggestions<\/a> as well.<\/span><\/p>\n

In addition, Adobe pushed out a security update<\/a> for Windows, Mac, Linux and Chrome versions of\u00a0Flash Player<\/strong>. The update fixes just one vulnerability in Flash, but I’m sure most of us would rather Flash died off completely already. Adobe said it plans to end support for the plugin in 2020. Google Chrome<\/strong> is now making users explicitly enable Flash every time they want to use it, and by the summer of 2019 it will\u00a0make users go into their settings to enable it<\/a> every time they want to run it.<\/p>\n

KrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases monthly security updates before installing the fixes, with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.<\/p>\n

Windows 10<\/strong> likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn\u2019t make it easy for Windows 10 users to change this setting,\u00a0but it is possible<\/a>. For all other Windows OS users, if you\u2019d rather be alerted to new updates when they\u2019re available so you can choose when to install them, there\u2019s a setting for that in Windows Update<\/strong>.<\/p>\n

In either case, it’s a good idea to get in the habit of backing up your data before installing Windows updates. Unlike last month, when many Windows users saw the contents of their “My Documents” folder erased by a buggy update, I’m not aware of any major issues this time around.<\/p>\n

If you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there\u2019s a good chance other readers have experienced the same and may even chime in here with some helpful tips.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Wed, 14 Nov 2018 13:25:13 +0000<\/strong><\/p>\n

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe’s also got security patches available for Flash, Acrobat and Adobe Reader users.\u00a0<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[20147,20148,11415,20149,13457,17220,16936],"class_list":["post-13823","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-cve-2018-8566","tag-cve-2018-8589","tag-flash-player","tag-microsoft-patch-tuesday-november-2018","tag-qualys","tag-security-tools","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13823"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13823\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13823"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}