As usual, every Tuesday of every month Microsoft releases essential security updates. This month is the last update batch for 2017 and it brings over 30 security vulnerabilities fixes for users of Windows, Office, Exchange Server, Edge and even the protection engine against malware for products such as Windows Defender.
More on the last fix of the year by Microsoft
The fix for malware protection engine has been released after a security hole was discovered by the National Cyber Security Centre (NCSC), which it is part of UK”S intelligence agency: GCHQ.
Experts working for the NCSC discovered a new way to explore two critical remote code execution flaws for anti-malware code. The malware identified could have been activated while scanning a booby trapped file and, thus, the hacker managed to compromise the targeted systems.
When will users receive the update?
Windows users should have already received the update automatically. Other critical flaws addressed this month, apart from the malware to the software’s engine, included memory corruption vulnerability in Microsoft Edge browser.
As explained by the Microsoft team, attackers could have exploited the vulnerability and gain the same access as users.
Adobe Flash Player has also received an update patch
Despite plans to terminate Flash Player by 2020, Adobe is still releasing security patches. This December update patch contains only one bug fix of moderate severity.
Some people do not use Flash Player anymore, especially after the security scandals happening over the past few years.
Even so, those who still use Flash Player have to keep an eye for the newest updates and install them manually, if the automatic installing is disabled.
When the software is automatically updated, it makes hackers’ job harder, as it reduced their chances of exploiting new discovered files and gain access to private information.
