Microsoft issues one of its important security updates

Microsoft revealed one of its prominent security updates, repairing 50 defects in its products and 26 extra in Flash Player, which is packaged with its Edge browser.

The scraps are divided into 14 security news, covering the one devoted to Flash Player, seven of which are considered hazardous. They discuss defects in Windows, Internet Explorer, Microsoft Edge, Microsoft Exchange, Microsoft Office and Microsoft Office web services and apps.

For desktop utilization, managers should prioritize the dilemmas for Internet Explorer, which are included in the MS16-104 bulletin, Microsoft Edge, Microsoft Office, Microsoft Graphics Component, OLE Automation for VBScript Scripting Engine and Adobe Flash Player.

This is since these defects can be utilized to manage remote code execution by cheating users to tour bargained websites or to open individually crafted records. These are two of the very basic virus vectors applied in malware attacks.

One of the Internet Explorer and Edge defects could be used for learning exposure in a venture series. Microsoft sees in its report that still this defect has not been openly revealed, it has been used. The company did not give more reports regarding attacks supporting it.

The security update for Silverlight should also be prioritized even if though it’s considered as serious, somewhat than critical. The covered defect could also direct to remote code execution if a user tours a compromised website that carries a uniquely crafted Silverlight application.

On the server front, managers should concentrate on the update for Microsoft Exchange, which covers critical defects in the Oracle Outside In Technology (OIT). This is a set of software development kits (SDKs) that can be used to obtain, normalize, remove, change and see unorganized file formats.

Researchers from Cisco’s Talos team observed and recorded defects in Oracle OIT in the beginning of this year, signaling that they change products from many merchants, including Microsoft Exchange. Oracle issued scraps for these defects in July and Microsoft has now shipped those fixes. The Oracle OIT defects can be used to do remote code execution by only giving an email with a uniquely crafted attachment to a weak Exchange server.

In a blog post, Amol Sarwate, the director of defect labs at Qualys said:

“The Office update should also be on server administrators’ radar because it applies to Microsoft SharePoint Server 2007, 2010 and 2013 and the flaws it covers could allow attackers to take complete control of such servers by using the Word and Excel automation service. Server admins should also look at the update for Microsoft Graphics Component (MS16-106), which affects Windows servers, and at MS16-110 which applies to Server 2008 and 2012 and allows attackers with domain user account to could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.”

- Advertisement -
c5d094d2086cdf56ad5c1380e5317d2e?s=96&r=g - Microsoft issues one of its important security updates
Adeel Younas
Editor-in-Chief at TechWafer (previously The Tech) an Entrepreneur, Blogger, Developer, and Freelancer.

Recent Articles

OPPO launches Enco W51 headphones loaded with exciting features

Hoping to connect users' lives in a smarter way, OPPO launches a new entrant as part of its IoT strategy – OPPO Enco W51....

realme C17 launched with 90Hz Display, 6GB RAM and 128GB Storage

realme has finally launched the most affordable realme C17 with 6 GB + 128 GB large storage & 90Hz ultra-smooth punch-hole display at an...

HUAWEI Y9a – the Midrange King Goes on Sale across Pakistan Today

The HUAWEI Y series continues to exceed expectations of young consumers all over Pakistan. It is touted as a worthy digital companion that flouts...

TECNO’s has launched its Hero Phone Spark 6 in Pakistan

TECNO has launched its awaited Hero Phone Spark 6 – a mid-range phone with 6 upgraded features at the BOL game show- hosted by...

realme C17 6 GB + 128 GB smartphone is launching online 23rd Sep

realme introduced the C12 back in August. Now the company is set to further expand its C series with the launch of...



Leave A Reply

Please enter your comment!
Please enter your name here