Ramblings of an old Doc
Patch due on November 8th.
Published on November 1, 2016 By DrJBHL In Personal Computing

 

Flash has two 'Zero Day' vulnerabilities which have been used to compromise the security of W10.

"...a group called STRONTIUM performed a spear-phishing attack, but before we go any further, users on the Windows 10 Anniversary Update using the Edge browser should already be protected from it. It used two zero-day vulnerabilities in Flash and the Windows kernel to do the following:

  1. Exploit Flash to gain control of the browser process

  2. Elevate privileges in order to escape the browser sandbox

  3. Install a backdoor to provide access to the victim’s computer

But perhaps the most troublesome issue is that all versions of Windows from Vista through the Windows 10 November Update are vulnerable to these exploits. Microsoft says that it will be offering patches on November 8, which is this month's Patch Tuesday." - Myerson

Once again, Adobe Flash. Also, vulnerabilities in the Windows Kernel. I really hope you have long since gotten rid of  Flash.

If you haven't, do so with dispatch.

 

Sources:

https://www.neowin.net/news/microsoft-responds-to-google-releasing-security-vulnerability-will-patch-it-next-week

https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/

 

 

 


Comments
No one has commented on this article. Be the first!