Microsoft has during Patch Tuesday of March 14 released updates, which together 45 vulnerabilities in Windows, Office, Exchange and Internet Explorer fix, including the Stuxnet leak from 2010 and the recently discovered FREAK leak. Especially re-patching the Stuxnet leak creates experts in amazement.Through the vulnerability knew the Stuxnet worm and the Fanny-espionage worm to spread.
Only connect a USB stick that made the leak abuse was sufficient to infect Windows, even stood Autorun and Autoplay disabled. It was in fact a whole new way to attack Windows computers. In 2010, Microsoft came up with an update for the leak, but this patch showed the vulnerable code is not corrected, allowing Windows computers all the time were vulnerable, so warn researchers from HP.
There is also an update to the " FREAK-leak "in SSL / TLS appeared. Through the vulnerability, an attacker who is between a target and the Internet is in some cases the encryption of the encrypted connection to downgrade to a weak encryption to crack then that and to see the encrypted traffic.
Other vulnerabilities
In addition to the update for the Stuxnet leak four other updates are labeled as critical. Through these updates fix vulnerabilities that an attacker in the worst case can take over the entire system. It comes to vulnerabilities in Internet Explorer, the VBScript Scripting Engine in Windows, Adobe Font Driver and Office. In the case of one of the IE-leakage was the vulnerability already publicly known before the patch appeared. Through other vulnerabilities that Microsoft patched attackers could increase their rights to systems retrieve information, cause a denial of service and bypass security measures.Can update via Windows Update .
No comments:
Post a Comment