Skip to main content

Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked.

By Editor

Microsoft earlier this month released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products.
This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity.
In a nutshell, your Windows computer can be hacked if you:
Play a video file — thanks to flaws in Microsoft Media Foundation and Windows Codecs
Listen to audio — thanks to bugs affecting Windows Media Audio Codec
Browser a website — thanks to 'all time buggy' Internet Explorer
Edit an HTML page — thanks to an MSHTML Engine flaw
Read a PDF — thanks to a loophole in Microsoft Edge PDF Reader
Receive an email message — thanks to yet another bug in Microsoft Outlook
But don't worry, you don't need to stop using your computer or without Windows OS on it. All you need to do is click on the Start Menu → open Settings → click Security and Update, and install if any new update is available.
Install Updates! Two Zero-Days Under Active Attacks
Another reason why you should not ignore this advice is that two of the security flaws have reportedly been exploited by hackers in the wild and one publicly known at the time of release.

Cybersecurity
According to Microsoft, one of the zero-day vulnerabilities under active attack is a remote code execution bug that resides in the scripting engine's library jscript9.dll, which is used by default by all versions of Internet Explorer since IE9.
The vulnerability, tracked as CVE-2020-1380, was spotted by Kaspersky Labs and has been rated critical because Internet Explorer remains an important component of Windows as it still comes installed by default in the latest Windows.
Kaspersky researchers explain that the flaw is a use-after-free vulnerability in JScript that corrupts the dynamic memory in Internet Explorer in such a way that an attacker could execute arbitrary code in the context of the current user. So, if the current user is logged in with administrative privileges, the attacker could control the affected system.
"An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements," Microsoft says in its advisory.
Exploited by unknown threat actors as part of 'Operation PowerFall' attacks, a proof-of-concept exploit code, and technical details for the zero-day vulnerability have been published by Kaspersky.
The second zero-day vulnerability—tracked as CVE-2020-1464 and under active exploitation—is a Windows spoofing bug that exists when Windows incorrectly validates file signatures.

This zero-day bug affects all supported versions of Windows and allows attackers to load improperly signed files by bypassing security features intended to prevent incorrectly signed files from being loaded.
Besides these, notably, the batch also includes a critical patch for an elevation of privilege flaw affecting NetLogon for Windows Server editions, where this RPC service serves as a domain controller.
Tracked as 'CVE-2020-1472,' the vulnerability can be exploited by unauthenticated attackers to use Netlogon Remote Protocol (MS-NRPC) to connect to a Domain Controller (DC) and obtain administrative access to run malicious applications on a device on the network.
Home users and server administrators are strongly recommended to apply the latest security patches as soon as possible to prevent malware or miscreants from exploiting and gain complete remote control over their vulnerable computers.



THN



#osutayusuf

Comments

Post a Comment

Popular posts from this blog

We Bring You Brief Series of Sanctions Against Uganda Government Officials.

By Editor
📸: Gen Abel Kandiho. On 9-December-2021, USA slapped sanctions against the then CMI Commander Gen Abel Kandiho. 📸: Gen Kale Kayihura. On 9-December-2022, UK slapped sanctions against former Police Boss Gen Kale Kayihura. 📸: Commissioner General of Prisons, Johnson Byabashaija. Again on this 4-December-2023, the same USA has slapped sanctions against Uganda Prisons Commander Johnson Byabashaija over alleged torture and human rights abuses in Prisons across Uganda. We ask, has USA and UK made December as an LCM to slap sanctions against high ranking government officials in Uganda even when the sanctions just remain on paper without deeper investigations to ascertain logical conclusions or remedy to that effect ?. #iip_updates  #Information_is_Power  #we_inform_the_uninformed
Post a Comment
Read more

WHERE IS MINISTER OF SEX SIMON LOKODO?. (He deserves a battle of soda from me! Ministe`r esalanga mabee. He is quick to run after Mrs Dr Stella Nyanzi and other Opposition elements. Government aza aza edo zuu vaa kpere bua). Anyway, below is the article! POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit'  Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos. Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.

By Editor
POLICE OFFICER AKOL ESTHER CHARGED OF BEING A PUBLIC NUISANCE Naughty Officer Officer who embarrassed police after leaking nude photo charged 13.03.2018 She serves in the 'Very Important Persons Protection Unit' Akol Esther  (Courtesy) A female police officer whose nude photo surfaced on social media has been charged of being a public nuisance. Akol Esther serves in the Very Important Persons Protection Unit (VIPPU) of the police force. Kampala Metropolitan Police spokesperson Luke Owoyesigire says  Akol Esther might be demoted or expelled from the police force if found guilty of circulating nude photos . Police court is yet to announce date when Akol Esther is expected to appear for a hearing. This comes at a time when Pornography Control Committee is taking tough measures against persons circulating pornography content. The committee warned and promised to arrest persons who will circulate pornographic content.
Post a Comment
Read more

How to Host a Website for Free From Your PC or Laptop.

By Editor
Why pay for a web hosting service when your old computer can do the same thing? Learn how to self-host your site. If you're planning to launch a website but don't want to pay recurring monthly or annual hosting fees, you can use any old laptop or desktop PC to host a website for free. It's a great way to utilize your old system instead of throwing it away. In this guide, we will install and set up services on our 10-year-old laptop to host a WordPress, Joomla, or custom HTML or PHP-based website with a free SSL certificate. MAKEUSEOF VIDEO OF THE DAY Things You Will Need to Host a Website Following are the pre-requisites to host a website for free from home with just your computer: An old laptop or PC running Ubuntu Server. A registered domain name for your website Ethernet cable to connect the laptop or PC to router for reliable and fast connection Step 1: Update and Upgrade the Packages After  installing Ubuntu Server on your computer , execute the following c
Post a Comment
Read more