Microsoft fixes critical remote code execution flaw with latest security patch

The set of security patches Microsoft released on 13th March was among its most comprehensive, fixing issues in various critical programmes like Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Office Services and Web Apps.

Microsoft also announced that from May, it will stop offering security and quality updates for Windows 10 version 1507 and urged all users of the version to upgrade their systems to the latest version of Windows.

Via a blog post on Tuesday, Microsoft announced the release of a series of security patches for critical Windows 10 programmes like Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore and Adobe Flash.

According to Microsoft, the delta package will bring in security patches for Windows 10 version 1607 and newer, and other updates will also be available for older versions of the operating system like Windows RT 8.1 and Microsoft Office RT software, but these will be available via the Windows Update feature.

“After May 9, 2018, customers running Windows 10 version 1507 will no longer receive security and quality updates, with the exception of the Windows 10 2015 LTSB and the Windows 10 IoT Enterprise 2015 LTSB editions. Microsoft recommends that customers with devices running other editions of Windows 10 version 1507 that are no longer supported update these devices to the latest version of Windows 10,” the Redmond-based software giant added.

Fix for remote code execution vulnerability

Perhaps the most important security patch introduced by Microsoft this month is one that fixes a code execution vulnerability in the Credential Security Support Provider protocol (CredSSP). According to Microsoft, the vulnerability could allow an attacker with man-in-the-middle (MitM) capabilities to gain full access to a Remote Desktop Protocol session.

Microsoft, which tracks the vulnerability as CVE-2018-0886, said that to be fully protected against it, users must enable Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems.

Back in August last year, Microsoft introduced patches for as many as 48 security vulnerabilities across multiple Microsoft products including the Edge browser, SQL Server, Adobe Flash Player, Internet Explorer and Microsoft Windows.

Aside from fixing previously-known vulnerabilities such as CVE-2017-8633 (Privilege Escalation with Windows Error Reporting) as well as CVE-2017-8620 (Windows Search Remote Code Execution Vulnerability), the patches also, for the first time ever, fixed security vulnerabilities on the Linux subsystem under Windows.

Copyright Lyonsdown Limited 2021
