Microsoft Patch Tuesday, February 2018 Edition

Tech News 2018-02-14

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users.

February’s Patch Tuesday batch includes fixes for at least 55 security holes. Some of the scarier bugs include vulnerabilities in Microsoft Outlook, Edge and Office that could let bad guys or bad code into your Windows system just by getting you to click on a booby-trapped link or document, or visit a compromised/hacked Web page.

As per usual, the SANS Internet Storm Center has a handy rundown on the individual flaws, neatly indexing them by severity rating, exploitability and whether the problems have been publicly disclosed or exploited.

One of the updates addresses a pair of serious vulnerabilities in Adobe Flash Player (which ships with the latest version of Internet Explorer/Edge). As KrebsOnSecurity warned last week, there are active attacks ongoing against these Flash vulnerabilities.

Adobe is phasing out Flash entirely by 2020, but most of the major browsers already take steps to hobble Flash. And with good reason: It’s a major security liability. Chrome also bundles Flash, but blocks it from running on all but a handful of popular sites, and then only after user approval.

For Windows users with Mozilla Firefox installed, the browser prompts users to enable Flash on a per-site basis. Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user’s preference on subsequent visits.

The latest standalone version of Flash that addresses these bugs is for Windows, Mac, Linux and Chrome OS. But most users probably would be better off manually hobbling or removing Flash altogether, since so few sites actually require it still. Disabling Flash in Chrome is simple enough. Paste “chrome://settings/content” into a Chrome browser bar and then select “Flash” from the list of items. By default it should be set to “Ask first” before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.

People running Adobe Reader or Acrobat also need to update, as Adobe has shipped new versions of these products that fix at least 39 security holes. Adobe Reader users should know there are alternative PDF readers that aren’t so bloated or full of security issues. Sumatra PDF is a good, lightweight alternative.

Experience any issues, glitches or problems installing these updates? Sound off about it in the comments below.

Security Bloggers Network
