There has been a lot of activity since October’s Patch Tuesday. During that short period of time, Oracle released its quarterly CPU, including an update for Java JRE; Adobe resolved a zero-day in Flash Player; a security researcher identified a new form of attack called AtomBombing, and there has been some rising discussion around the Server 2016 servicing model. The week following Patch Tuesday, the week of October 17th, Oracle released its quarterly CPU, resolving …
Source: helpnetsecurity

Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild. According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security sandbox escape, and can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to …
Source: helpnetsecurity

The leaves aren’t the only things changing this October. Patch Tuesday is here and with it comes some interesting updates from big names in the software space. This month, Microsoft implemented Servicing Model changes, Adobe changed distribution of Adobe Flash and announced this will be the last month of updates for the ESR branch of Flash Player, and in the next week or so, Oracle will reveal its Quarterly Critical Patch Update. What changed this …
Source: helpnetsecurity