Microsoft tops last month’s record with 622 Patch Tuesday CVEs


Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high.

Redmond’s Patch Tuesday release is once again one for the record books, with everything under the sun getting some security fixes – including 428 non-Microsoft Chromium CVEs affecting Edge that aren’t included in that 622 count. Fifty-eight of those are critical, two are under active exploit, and one has already been publicly disclosed, meaning it could join those other two in short order.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload

    October 18, 2018

    Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe. SettingContent-ms is a recent addition to ...

  • Critical Flaws Found in Amazon FreeRTOS IoT Operating System

    October 18, 2018

    A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has ...

  • How Shodan helps identify ICS cybersecurity vulnerabilities

    October 18, 2018

    An industrial control system is essentially a collection of computers that monitor and control industrial systems. They make the world move and help with everything from food processing to transportation to running the espresso maker at your local Starbucks. The challenge is an industrial control system (ICS) can be readily attacked by advanced persistent threat groups, ...

  • CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows

    October 17, 2018

    Trend Micro found design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. We’ve worked ...

  • Multiple D-Link Routers Open to Complete Takeover with Simple Attack

    October 17, 2018

    The vendor only plans to patch two of the eight impacted devices, according to a researcher. Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland ...

  • LibSSH Flaw Allows Hackers to Take Over Servers Without Password

    October 16, 2018

    A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving ...