Microsoft and Adobe delivered the November issue of Patch magazine Tuesday with another set of security fixes that will be installed as soon as possible.
The trick is to test and implement remedies before exploits are developed to mobilize vulnerabilities.
BitLocker issues and TFTP problems for Redmond
This month, Microsoft launched solutions for 62 listed CVE vulnerabilities for both workstations and Windows, Office, Edge, and Internet Explorer server editions.
Among the 62 bugs are opting for the Chakra scripting engine in the Edge browser. Each of the vulnerabilities are remote execution flaws that, if exploited by a malicious web page, allow the attacker to run malware and perform actions on the infiltrating machine with the registered user's permission level. All are listed as "critical" risks.
Critical tag winning was also CVE-2018-8476, a remote code execution fault in the Trivial File Transfer Protocol (TFTP). Jimmy Graham, product manager at Qualys security firm, says administrators who install and remotely manage Windows boxes on a network will want to pay close attention to this solution.
"Microsoft's Windows Deployment Services (WDS) uses TFTP to support image deployment through PXE booting," Graham explained.
"The patch for CVE-2018-8476 should be a priority if WDS is used in your environment."
Also, remote code bugs were patches in Microsoft Graphics Component (CVE-2018-8553), Dynamics 365 (CVE-2018-8609), and Windows VBScript Engine (CVE-2018-8584).
Administrators will also want to make sure that they have the publicly disclosed patches from CVE-2018-8584 (a privilege escalation flaw published in Windows ALPC), CVE-2018-8566 (BitLocker encryption bypass), and CVE-2018-8589 a Win32k altitude of the privileged bug already targeted in the wild).
Elsewhere, Microsoft correlated two remote code execution errors in Word (CVE-2018-8539, CVE-2018-8573), four cross-scripting failures in Dynamics 365 (CVE-2018-8605, CVE-2018- 8606, CVE-2018 -8607, CVE-2018-8608), a denial of service error in Skype for business (CVE-2018-8546) and two PowerShell errors that could allow remote code execution (CVE-2018-8256 , CVE-2018-8415).
Adobe posts a trio of updates
Adobe marked Patch Tuesday, launching corrections for three of the most popular products.
For Flash Player, the update will refer to CVE-2018-15978, an overflow reading error that could allow an attacker to see sensitive data.
For Acrobat and Reader, the November patch releases CVE-2018-15978, a disclosure defect that would allow attackers to pick up the NTLM single sign-on password hashes. The test code of the concept has been posted for defect, but no attacks have been reported yet in the wild.
Finally, for Photoshop CC, an update will clarify CVE-2018-15980, a malfunction that can not be read, which would allow disclosure of information. ®