September Patchday: Microsoft Closes Security Gaps

September Patchday: Microsoft Closes Security Gaps

Overall, the US company closes 81 security gaps in its products. One was exploited by FinFisher products, which sold the Expolit to authorities in its monitoring software FinSpy.

In the course of the regular patchdays, Microsoft fixes in September 81 security-relevant errors in its products, 25 of which are classified as “critical”. Especially bugs are in the .Net framework and a Bluetooth driver.

In addition, the company FinFisher is exploiting a gap in FinSpy, a government-owned monitoring software. The company and the software are controversial because of their commitment in countries with inadequate principles of the law. Nevertheless, the Federal Criminal Police Office is one of the customers of the German-British company.

Other serious errors are found in the Windows Bluetooth driver. They were recently discovered by the security company Armis and designated BlueBorn. Man-in-the-middle attacks can be used to record transmissions via Bluetooth, such as from a keyboard or a headset. However, if the device is sufficiently close to the device, it is also possible to infect other PCs with malware.

Blueborn is thus one of the attack vectors, which can overcome the so-called “Air Gap”. That is, a target system need not be connected to the Internet to be vulnerable. However, the deactivation of all radio interfaces should be common in the protection of corresponding devices, which restricts the danger therefrom.

The .NET error affects all supported versions of Windows and the framework, so it is relevant to all PCs running Windows 7, 8.1, Windows 10, and Windows Server 2008, 2012, and 2016. In addition, bug fixes in Flash Player, BrowserEdge, Internet Explorer, Microsoft Office, Skype, and Exchange Server have been fixed. An overview of the patches with links to all the details provides Microsoft’s Security Update Guide.

You might also like More from author

Leave A Reply

Your email address will not be published.