Two Zero Day vulnerabilities in Flash and the Windows Kernel

Patch due on November 8th.

Published on November 1, 2016 By DrJBHL In Personal Computing

Flash has two 'Zero Day' vulnerabilities which have been used to compromise the security of W10.

"...a group called STRONTIUM performed a spear-phishing attack, but before we go any further, users on the Windows 10 Anniversary Update using the Edge browser should already be protected from it. It used two zero-day vulnerabilities in Flash and the Windows kernel to do the following:

Exploit Flash to gain control of the browser process

Elevate privileges in order to escape the browser sandbox

Install a backdoor to provide access to the victim’s computer

But perhaps the most troublesome issue is that all versions of Windows from Vista through the Windows 10 November Update are vulnerable to these exploits. Microsoft says that it will be offering patches on November 8, which is this month's Patch Tuesday." - Myerson

Once again, Adobe Flash. Also, vulnerabilities in the Windows Kernel. I really hope you have long since gotten rid of Flash.

If you haven't, do so with dispatch.

Sources:

https://www.neowin.net/news/microsoft-responds-to-google-releasing-security-vulnerability-will-patch-it-next-week

https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/

Comments

No one has commented on this article. Be the first!

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!