This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that would then allow for remote code execution. This month, Microsoft released 49 patches and two advisories, with 12 listed as Critical, 35 as Important, one Moderate, and one Low. Of the 49 CVEs, eight were disclosed through the ZDI program.
REF: https://blog.trendmicro.com/trendlabs-security-intelligence/october-patch-tuesday-microsoft-repairs-jet-database-engine-bug-win32k-eop-zero-day/
沒有留言:
張貼留言