The start of 2018 has been, without a shadow of a doubt, marked by Meltdown and Spectre, two hidden vulnerabilities in the Intel processors, AMD and ARM, which allow access to data in the storage of different applications in execution and even in the kernel of the operative system. After a long week, the security patches are finally reaching the users and making use of “patch Tuesday”, Microsoft has launched their new January 2018 security patches, which correct many vulnerabilities in the operative system, including Meltdown and Spectre.
As our colleagues from SoftZone told us, Microsoft’s January 2018 first security patches, are already reaching the users, in order to allow them to use the OS in the most secure way.
Without considering the provisional patches for Meltdown and Spectre, these new Windows 7, Windows 8.1 and Windows 10 security patches have fixed 7, 10 and 11 vulnerabilities respectively, all of them categorized as “important”. Moreover, Windows servers versions have also received their security patches (none of the fixed vulnerabilities were critical), as well as Internet Explorer and Microsoft Edge, both of the company’s web browsers, in which they have corrected 2 critical vulnerabilities and 24 critical security errors respectively.
How to update Windows with January 2018 new security patches to correct these vulnerabilities
As the previous months, these updates will reach every user using a Windows version with support (Windows 7, 8 or 10) through Windows Update. If our system is set to receive updates automatically then we won’t have to worry about it and the system will update itself automatically.
If we haven’t set the automatic updates, then we will have to download them manually, through Windows Update, Windows updates tool, or through the Microsoft Update Catalogue, from which we will be able to download the updates and install them manually in the system (very useful if we don’t have Internet connection in a device).
Adobe is also using Patch Tuesday as a way to fix vulnerabilities in Flash
Besides from Microsoft, as it’s usual, Adobe has also made use of this day to fix many security errors in the Flash player, its vulnerable web complement.
More specifically, the new Adobe Flash Player 22.214.171.124 corrects an “important” vulnerability in the complement, which could allow a process to read outside of its memory limits and recover private information, putting in danger users’ privacy.
As we said a couple months ago, Adobe plans to end with flash on 2020, but still, meanwhile, this complement will keep putting us on danger in the network due to its big number of security errors that hide above the surface, so, if we can’t avoid installing it or using it for some reason, at least we should make sure to be using the latest version available so we have a smaller probability of ending up infected.
Have you installed Adobe and Microsoft’s January 2018 new updates?