Microsoft Corporation (MSFT) Releases Five Critical Security Patches
Microsoft Corporation (NASDAQ:MSFT) finally sealed a vulnerability exploited by Stuxnet, that left machines exposed to exploitations since 2010, with the release of a patch on Patch Tuesday. The released Stuxnet Patch was part of 14 bulletins that were released by the Redmond-based company
Microsoft Corporation (NASDAQ:MSFT) ranks five of the released bulletins as critical, made of a roll up for Internet Explorer as well as a solution for a recently revealed FREAK attack. There was also good news with the addition of SHA-2 code signing support on Windows 7 and Windows Server 2008 R2 as current versions of the platform already have the support feature.
The Freak attack patch addresses forces that caused systems to downgrade the key length of an RSA key to a crackable 512 bits. Initially, it was believed that Freak was confined to SSL clients, but a warning was later issued about Shannel’s exposure.
However, the highest profile bulletin release has to be MS15-020 that solves issues accrued from the original Stuxnet patch CVE-2010-2568 as the patch covers two code execution vulnerabilities. One of the solutions will address how Windows handles the loading of DLL files, while the other one handles how Windows Text Services improperly handled objects in memory.
Internet Explorer Patch
Microsoft Corporation (NASDAQ:MSFT) has also addressed a number of memory corruption and elevation of privileges vulnerabilities in Internet Explorer with the release of the IE bulletin MS15-018. The fix modifies the way the browser hands objects in memory by essentially modifying how the VBScript scripting engine handles objects in memory.
Vulnerability on Windows VBScript Scripting engine that could lead to remote code execution was also patched with MS15-019. The Microsoft Corporation (NASDAQ:MSFT) Office also received a fix for a critical remote code execution vulnerability with Adobe Font also being patched by the critical bulletin MS15-021.
Critical RCE vulnerabilities are usually exploited online, by taking advantage of a flow in the way that a given driver improperly overwrites objects in memory. None of the vulnerabilities have been disclosed nor exploited in truth.
Latest posts by Viraj Shah (see all)
- Tesla Motors Inc (NASDAQ:TSLA)’s Elon Musk Is Going After Semi Truck Industry - November 17, 2017 04:37 AM PDT
- Tesla Motors Inc (NASDAQ:TSLA) Is Not “Hotbed for Racist Behavior” - November 15, 2017 06:58 AM PDT
- Nikola Tesla and Tesla Motors Inc (TSLA) – The Past & Future of the World You Cannot Ignore- Part 1 - May 15, 2017 05:11 AM PDT