QUOTE OF THE DAY
“A scientist in his laboratory is not a mere technician: he is also a child confronting natural phenomena that impress him as though they were fairy tales.” ~ Marie Curie
MICROSOFT FIXES ZERO-DAY VULNERABILITY
THE STORY
In a November security update, Microsoft released a fix for zero-day vulnerability that is CVE-8589 | Windows Win32k Elevation of privilege vulnerability.
HOW IT WORKS?
The reason for elevation of privilege vulnerability to occur is when Windows does not handle calls properly to Win32k.sys.
The malicious attackers, who can get their hands on this vulnerability can execute an arbitrary code in local system to gain access. After which, hackers gain control to the system, and could easily install, view, manipulate and steal data.
In this November security update, Microsoft has addressed CVE-8589, the issue how Windows handles calls to Win32k.sys and released many other fixes as well. This security update is released for the following updates:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- .NET Core
- Skype for Business
- Azure App Service on Azure Stack
- Team Foundation Server
- Microsoft Dynamics 365 (on-premises) version 8
- PowerShell Core
- PowerShell.Archive 1.2.2.0
WHAT SOFTWARE VERSIONS ARE AFFECTED BY THIS VULNERABILITY?
Software versions or editions that are affected by zero-day vulnerability are:
- Microsoft Windows 7 for 32-bit Systems SP1
- Microsoft Windows 7 for x64-based Systems SP1
- Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft Windows Server 2008 for 32-bit Systems SP2
- Microsoft Windows Server 2008 for Itanium-based Systems SP2
- Microsoft Windows Server 2008 for x64-based Systems SP2
MICROSOFT RESUMES ROLLOUT OF WINDOWS 10 OCTOBER 2018 UPDATE
THE STORY
Microsoft Windows 10 October 2018 update re-released after resolving missing files bug.
WHY WAS THE UPDATE PAUSED?
Microsoft earlier stopped the Windows 10 October update because of reports of missing files after updating. Well, the issues have been resolved and the Windows 10 October update is live back again.
On resuming the rollout, John Cable, Director of Program Management, Windows Servicing and Delivery stated:
“In addition to extensive internal validation, we have taken time to closely monitor feedback and diagnostic data from our Windows Insiders and from the millions of devices on the Windows 10 October Update, and we have no further evidence of data loss.”
To be on the safe side, Microsoft is also planning Windows update status dashboard. So that, users can be provided with more information on any issues and fixes.
WHAT OTHER STEPS WERE TAKEN?
Microsoft has fully investigated all the feedbacks and reports and has fixed all other known issues has well. For this they have conducted an internal validation.On this, earlier this week, while re-releasing the update for Windows Insiders, John Cable published a blog post by saying:
“Microsoft Support and our retail stores customer service personnel are available at no charge to help customers.”
With this update Microsoft has also re-released Windows Server 2019 and Windows Server, version 1809.
