- Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities
Monthly security update for February 2018 has been released by Microsoft which addressing a total of 50 CVE-listed vulnerabilities in its Windows operating system, Microsoft Office, web browsers and other products. According to the Microsoft’s Patch Tuesday, fourteen of the securities updates are listed as critical, 34 are rated as important, and 2 of them are rated as moderate in severity. The critical update patches serious security flaws in Edge browser and Outlook client, an RCE in Windows’ StructuredQuery component, and several memory corruption bugs in the scripting engines used by Edge and Internet Explorer.
Cyber Security Tips: Users and administrators are strongly advised to apply security patches as soon as possible to keep hackers and cyber-criminals away from taking control of their computers.
- Microsoft Won’t Patch a Severe Skype Vulnerability Anytime Soon
Skype is a telecommunications application software product that specializes in providing video chat and voice calls between computers, tablets, mobile devices, the Xbox One console, and smartwatches via the Internet and to regular telephones. According to the report published by Hacker News, a serious vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could potentially allow attackers to gain full control of the host machine by granting system-level privileges to a local, unprivileged user. According to the researcher, a potential attacker could exploit the “functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories. Successful exploitation could allow the attacker to hijack the update process by downloading and placing a malicious version of a DLL file into a temporary folder of a Windows PC and renaming it to match a legitimate DLL that can be modified by an unprivileged user without having any special account privileges.
Cyber Security Tips: Until the company issues an all-new version of Skype client, users are strongly recommended to exercise caution and avoid clicking on attachments provided in an email. Also, make sure you run appropriate and updated anti-virus software that offers some defense against such attacks.