Patch Tuesday Brings Fixes for Adobe, Spectre
Microsoft has fixed a half century of vulnerabilities for this month’s patch update round, including one publicly disclosed bug and one being exploited in the wild.
Adobe patched zero-day vulnerability CVE-2018-5002 in an out-of-band update last week so admins are urged to apply Flash Player update APSB18-19 as soon as possible to fix this and three other bugs.
RCE flaw CVE-2018-8267 is a Scripting Engine Memory Corruption Vulnerability disclosed without a patch on June 1. Affecting all version of Internet Explorer, it should also be prioritized.
Allan Liska, senior solutions architect at Recorded Future, claimed that Windows Domain Name System (DNS) bug CVE-2018-8225 could allow an attacker to take control of an affected machine and should also be put high on the to-do list.
He also flagged Edge vulnerability CVE-2018-8229.
Ivanti director of product management, Chris Goettl, pointed to new Meltdown and Spectre mitigations against Spectre Variant 4 (CVE-2018-3639) vulnerabilities.
“This was the series of 8 additional Spectre vulnerabilities discovered a few weeks ago that allow for Speculative Store Bypass,” he added. “Similar to the last round of Meltdown and Spectre fixes the guidance from Microsoft is to apply the OS updates, apply latest microcodefirmware updates, then turn on mitigation for Variant 4. They do warn about the possibility of performance impact once again.”
Source: Information Security Magazine