Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent un-patched RDP clients (that uses CredSSP) from authenticating to Windows.
Microsoft issued January 2018 Security Updates that includes patches to fix 16 critical bugs in Microsoft products Office, Word and SharePoint.
Software and hardware vendors have issued advisories and fixes for “Spectre” (speculative execution side-channel attack) and “Meltdown” vulnerabilities, related to recently disclosed CPU processor design flaws.
On Tuesday, Microsoft issued patches to address 53 vulnerabilities, to include 20 critical fixes, as part of November security updates. Also noteworthy was four of the fixes addressed vulnerabilities with known public exploits (CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700).
A global cyber attack using WannaCrypt ransomware worm hit 74 countries, infecting hospitals, businesses, universities and other organizations.