{"id":7574,"date":"2017-05-09T13:17:22","date_gmt":"2017-05-09T21:17:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/09\/news-1359\/"},"modified":"2017-05-09T13:17:22","modified_gmt":"2017-05-09T21:17:22","slug":"news-1359","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/05\/09\/news-1359\/","title":{"rendered":"Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 18:14:25 +0000<\/strong><\/p>\n

Adobe<\/strong> and Microsoft<\/strong>\u00a0both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually released\u00a0an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being\u00a0called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player<\/strong>\u00a0software available that squashes at least seven nasty\u00a0bugs.<\/p>\n

\"crackedwin\"Last week, Google security researcher Tavis Ormandy<\/strong> reported<\/a> to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront<\/strong>, Microsoft Security Essentials<\/strong> and Windows Defender<\/strong>.\u00a0<\/strong>Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw\u00a0to run their malware automatically once their suspicious\u00a0file is scanned.<\/p>\n

“To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine,” Microsoft warned. “If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file scanned.”<\/p>\n

On May 8, Microsoft released an out-of-band fix<\/a> for the problem, demonstrating unusual swiftness in addressing a serious issue with its software.<\/p>\n

“Still blown away at how quickly @msftsecurity responded to protect users, can’t give enough kudos.” Google’s Ormandy tweeted<\/a> on Monday. “Amazing.”<\/p>\n

In addition to the anti-malware product update, Microsoft today released fixes<\/a> for dangerous security flaws in a range of products, from Internet Explorer<\/strong> and Edge<\/strong> to Windows<\/strong>, Microsoft Office<\/strong>, .NET<\/strong>, and of course Adobe Flash Player.<\/span><\/p>\n

\"brokenflash-a\"The latest Flash Player, v. 25.0.0.171<\/em> for Windows, Mac, Linux and Chrome OS, is available from this link<\/a>. Adobe’s advisory for this update is here<\/a>. If you have Flash installed,\u00a0you should update, hobble or remove Flash as soon as possible. To see which version of Flash your browser may have installed, check out this page<\/a>.<\/p>\n

An extremely powerful and buggy program that binds itself to the browser, Flash is a favorite target of attackers and malware, and failing to keep up with its continuous security updates can leave users dangerously exposed. For some ideas about how to hobble or do without Flash\u00a0(as well as slightly less radical\u00a0solutions) check out\u00a0A Month Without Adobe Flash Player<\/a>.<\/p>\n

If you choose to keep Flash, please update it today.\u00a0Windows users who browse the Web with anything other than Internet Explorer<\/strong> may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).<\/p>\n

Chrome\u00a0<\/strong>and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates in and\/or restart the browser to get the latest Flash version). Chrome users may need to restart the browser to install or automatically download the latest version. When in doubt, click the vertical three dot icon to the right of the URL bar, select \u201cHelp,\u201d then \u201cAbout Chrome\u201d: If there is an update available, Chrome should install it then.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Tue, 09 May 2017 18:14:25 +0000<\/strong><\/p>\n

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually issued an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs. Last week, Google security researcher Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[10698,12202,1670,12203,10644,12204],"class_list":["post-7574","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-adobe-flash-player-update","tag-flash-player-25-0-0-171","tag-google","tag-microsoft-patch-tuesday-may-2017","tag-other","tag-tavis-ormandy"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7574"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7574\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}