Casa > cibernético Notícias > Feb 9 patch Tuesday – da KB 3134220 para KB 3133043
CYBER NEWS

fevereiro 9 patch Tuesday – da KB 3134220 para KB 3133043

em fevereiro Patch Tuesday já é um fato. Vamos ver o que a 13 boletins de segurança recém-lançado pela Microsoft são todos sobre.

patch-terça-feira-tia-irma-sensorstechforum

Primeiramente, MS16-FEB tem tido o cuidado de falhas no Windows, Internet Explorer e Edge navegador do Windows 10. Six of the patches are critical and, não surpreendentemente, they address remote code execution vulnerabilities.

Preceding Patch Tuesdays:
janeiro 12
dezembro 8
novembro 10

One update that shouldn’t be neglected is the cumulative one for Internet Explorer – KB 3134220. Contudo, not much is said about the specifics of fixed vulnerabilities. The same goes to the rest of the updates’ descrições. Scarcity is what describes them best. Não obstante, let’s hope nothing goes wrong while updating, or afterwards for that matter.

Cumulative Security Update for Internet Explorer – KB 3134220

This update is considered critical and it requires restart.

Descrição oficial:

This security update resolves several reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer.

Mais (not really relevant) information about KB 3134220 está disponível em Microsoft Support page.

Cumulative Security Update for Microsoft Edge – KB 3134225

This update is also critical and requires restart.

Descrição oficial:

This security update resolves multiple vulnerabilities in Microsoft Edge. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Microsoft Edge.

Security update for Microsoft Windows PDF Library to address remote code execution – KB 3138938

Another critical update that may require restart.

Descrição oficial:

Esta atualização de segurança resolve vulnerabilidades no Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library incorrectly handles application programming interface (API) chamadas. This could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights. Contudo, an attacker would be unable to force users to download or open a malicious PDF document.

Security Update for Windows Journal to Address Remote Code Execution – KB 3134811

A critical update that addresses remote code execution and may require restart after installation.

Descrição oficial:

Esta atualização de segurança resolve uma vulnerabilidade no Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Security Update for Microsoft Office to Address Remote Code Execution – 3134226

A critical update that may require restart.

Descrição oficial:

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Security Update for Adobe Flash Player – KB 3135782

A critical update that resolve remote code execution and requires restart.

Descrição oficial:

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, janelas 8.1, Windows Server 2012 R2, Windows RT 8.1, e Windows 10.

Security Update for Microsoft Windows to Address Remote Code Execution – KB 3134228

This update is classified as important. It addresses remote code execution flaws in Windows. It would be nice if more information is provided about updates resolving flaws in Windows.

Descrição oficial:

This security update resolves vulnerabilities in Windows. A vulnerabilidade mais severa pode permitir a execução remota de código se um invasor conseguir fazer logon em um sistema de destino e executar um aplicativo especialmente criado.

Security Update for WebDAV to Address Elevation of Privilege – KB 3136041

An important update that resolves elevation of privilege issues, and may require restart.

Descrição oficial:

Esta atualização de segurança resolve uma vulnerabilidade no Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.

Security Update for Remote Desktop Display Driver to Address Elevation of Privilege – KB 3134700

An important update that resolves elevation of privilege issues, requires restart.

Descrição oficial:

Esta atualização de segurança resolve uma vulnerabilidade no Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. Por padrão, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege – KB 3136082

An important update that addresses elevation of privilege and requires restart.

Descrição oficial:

Esta atualização de segurança resolve uma vulnerabilidade no Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Security Update for .NET Framework to Address Denial of Service – KB 3137893

An important update that addresses denial of service flaws, and may require restart.
Descrição oficial:

This security update resolves vulnerabilities in Microsoft .NET Framework. The more severe of the vulnerabilities could cause denial of service if an attacker inserts specially crafted XSLT into a client-side XML web part, causing the server to recursively compile XSLT transforms.

Security Update for Active Directory Federation Services to Address Denial of Service – KB 3134222

An important update that addresses denial of service flaws, and may require restart.

Descrição oficial:

This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.

Security Update for NPS RADIUS Server to Address Denial of Service – KB 3133043

An important update that addresses denial of service flaws, and may require restart.

Descrição oficial:

Esta atualização de segurança resolve uma vulnerabilidade no Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...