If you are a regular reader of Komando.com, you should know by now that Microsoft issues a set of cumulative updates once a month.
This day, which usually falls on the second Tuesday of each month, is unofficially called Patch or Update Tuesday by tech fans and savvy Windows PC users alike.
It’s not exactly a big red-letter day for the tech industry but IT professionals and regular consumers mindful of computer security are always eager to know what each Patch Tuesday brings.
For this month of September, Microsoft released fixes for 61 security vulnerabilities, including the promised patch for a zero-day flaw we reported on earlier this month.
Read on to check out the latest Patch Tuesday patches you can’t afford to ignore.
Patch Tuesday – September 2018 Edition
Microsoft just dropped its September patches for a variety of its products. This month, 61 security patches were deployed, 17 rated critical, one for a known zero-day flaw and another for a flaw in the ever-infamous Adobe Flash Player.
As we reported earlier, the zero-day bug (CVE-2018-8440) is a local privilege escalation flaw in Windows Task Scheduler that could allow a local user to gain elevated administrator access and take full control of a machine. Microsoft promised to include the patch in September’s round of fixes and here it is.
Note: “Zero-day” bugs are previously unknown bugs that hackers are already actively exploiting.
Publicly known flaws
Publicly known flaws include a critical remote code execution vulnerability in Windows Graphics Component (CVE-2018-8475 ) that could allow an attacker to take remote control of a computer through a poisoned image file.
Another one is a memory corruption flaw (CVE-2018-8457) vulnerability in the Windows scripting engine and the third publicly known flaw is a denial of service vulnerability in the System.IO.Pipelines (CVE-2018-8409)
Although there are no known instances where hackers have actively exploited these flaws, it’s still critical to patch these bugs as soon as you can since they were marked by Microsoft as “public.”
Other noteworthy patches include fixes for remote code execution bugs in Word and Excel (VE-2018-8430, CVE-2018-8331) and a fix for another critical remote code execution vulnerability in Windows Hyper-V (CVE-2018-0965).
Adobe Flash Player
And as usual, there’s another included patch for Adobe’s notoriously hackable Flash Player.
This time around, an important patch for a Flash Player information disclosure flaw (ADV180023) that affects plug-ins for Chrome, Firefox, Edge, and IE11.
In this day and age, you shouldn’t be relying on Flash Player too much but if you still are, make sure you are at least on version 22.214.171.124.
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.
If you want to check, here’s how:
- On Windows 10, click Start (Windows logo)
- Choose “Settings”
- Select “Update & Security”
- On the “Windows Update” section, select “Check for Updates.”
Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
–> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 126.96.36.199.
A big change in Chrome 69 can put you at risk
To celebrate Chrome’s 10th birthday, Google just released version 69 for desktops, Android and iOS. Although most of the changes are welcome, there’s one subtle tweak that has many concerned Chrome users up in arms. Tap or click here to find out what it is and how to fix it.