Microsoft Pulls Several Crash Causing Updates
The updates KB2863821 and KB4461522 for Office 2010 were pulled from November’s Patch Tuesday because they were causing crashes for some users. Is this going to become a regular event? Microsoft had to pause last month’s update after Windows 10 feature update (1809) deleted user’s personal files.
On the Microsoft website, a notice says:
After you install this update, you may experience crashes in Microsoft Access or other applications. To resolve this issue, uninstall the update by following the instructions in the “More information” section.
This update is no longer available.
Emoji DoS on Skype for Business?
Much like a vulnerability Microsoft addressed in 2015, Skype for Business can be crashed using emojis. According to SEC Consult, “When receiving about 800 kittens at once, your Skype for Business client will stop responding for a few seconds. If a sender continues sending emojis, your Skype for Business client will not be usable until the attack ends.”
Basically, with a script set to spam emojis at the Skype for Business Client, someone could shut down a vital component of your work communications. Skype is used for everything from internal calls, like staff conferences, to external calls, like a client meeting.
If your company relies on Skype for Business, patch immediately. The vulnerability, CVE-2018-8546, is rated as low severity, but it’s worth mitigating. Better to patch now than be embarrassed by a torrent of adorable kitten emojis later.
Adobe Patches Critical Flash Flaw
Adobe and US-Cert have drawn attention to a critical vulnerability in Flash Player. CVE-2018-15981 is a confusion vulnerability that can be exploited to execute arbitrary code. With a rating of 1, Adobe considers this a severe vulnerability. Update Flash Player to 22.214.171.124 immediately.
It’s important to sweep your devices and identify why run Flash Player. Then deploy the update to all devices that are out of date.
How does Syxsense Realtime Security simplify patching?
An IT manager needs live, accurate, and actionable data to secure their devices. If data is stale, even by just a few minutes, it can leave devices exposed.
Syxsense Realtime Security means have 100% visibility of the current state of your networks. The suite leverages live data for immediate solutions.
Using the AI Assistant, an IT Manager can ask, “Where is Flash Player installed?” A chart will appear showing you how many devices have the searched for software.
Once you know which devices still use Flash, or Skype for Business, or any other software, it’s a simple matter of creating a patch task to deploy required updates to the devices that need them.
Come learn more with a trial of Syxsense Realtime Security.