Hacker News: Microsoft Finally Releases Security Patches For Publicly-Disclosed Critical Flaws


After last month’s postponement, Microsoft’s Patch Tuesday is back with a massive release of fixes that includes patches for security vulnerabilities in Windows and associated software disclosed and exploited since January’s patch release.

Meanwhile, Adobe has also pushed out security updates for its products, releasing patches for at least seven security vulnerabilities in its Flash Player software.

Microsoft patched a total of 140 separate security vulnerabilities across 18 security bulletins, nine of them critical as they allow remote code execution on the affected computer.

Microsoft Finally Patches Publicly Disclosed Windows Flaws

Among the “critical” security updates include a flaw in the SMB (server message block) network file sharing protocol, which had publicly disclosed exploit code since last month. The original patch released last year for this flaw was incomplete.

The flaw is a memory corruption issue that could allow remote code execution (RCE) of a malicious code if an attacker sends specially crafted messages to a Microsoft SMBv1 server.

All versions of Microsoft Windows are affected by this issue that could allow a remote, unauthenticated attacker to crash systems with denial of service attack.

Microsoft admitted: “Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.”

Microsoft patched the vulnerability but did not credit Laurent Gaffié, who found the flaw last year and released the exploit code in February.

Microsoft Also Patches Flaws Uncovered By Google

Another critical patch (MS17-013) contains a dozen of serious flaws in Windows’ Graphics Component GDI Library used in Office, Skype, Lync, and Silverlight.

The flaws reside in the way Windows handles certain image files. Hackers can exploit the weaknesses to achieve remote code execution on your system by making you visit a booby-trapped website or open a malware-ridden document. No further user interaction is needed.

Google’s Project Zero also disclosed this flaw with proof-of-concept exploit late last month before Microsoft had fixed it.

All supported releases of Microsoft Windows back to Windows Vista are vulnerable to this flaw. The tech giant originally patched this issue in June last year, but the patch was incomplete.

Microsoft also patched seven other critical flaws, including two cumulative updates for Internet Explorer and its Edge browser, and nine important ones.

In late last month, Google’s Project Zero research team publicly disclosed details and proof-of-concept exploit for a code execution flaw in Microsoft’s Internet Explorer and Edge browsers that could allow attackers to cause a crash of the browsers.

Meanwhile, Adobe also released patches for its Flash Player software for Windows, Macintosh, Linux and Chrome OS.

Users are advised to apply Windows as well as Adobe patches to keep away hackers and cybercriminals from taking control over your computer.

Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

Forbidden History: Russian Truth Code and Goddess Lada, the First Lady

Thanks for sharing a lovely post, I knew Russian culture and history had been suppressed since the Romanovs, and subverted/ falsified by Europe under Peter the Great’s extensive reforms.
There’s so much forbidden history that’s finally coming to light, thank you Lada for sharing this very cool story about Goddess Lada! XD

Futurist Trendcast

Finally, we are able to delve further into one of the reader most requested topics, FORBIDDEN vs. TRUE HISTORY & LINGUISTICS. This report is a continuation of one of FuturisTrendcast’s most popular articles: Forbidden History: Are Scandinavians Slavs?

Over the past 3 years many have asked me about the meaning and mystery of my name. Some of my astute readers have figured it out on their own. This is evident when some of you call me ‘Lady Lada.’ 😉

Today, I want to tell you the whole story…

Goddess Lada2

Goddess Lada – Russian painting

The ancient Russian Vedic Goddess Lada is often depicted with white swans or white doves. Lada is very powerful and her Earthly responsibilities are many. She is in charge of such uplifting things as: spring and summer, sun, harmony and balance, goodness, friendship and good will, love and happy marriage, overcoming obstacles, smooth sailing, positivity and good…

View original post 5,645 more words