home.aspx
 
. https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-december-2018
blog article
MICROSOFT PATCH TUESDAY – DECEMBER 2018
This month the vendor has patched 39 vulnerabilities, 9 of which are rated Critical. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handling files from unknown or questionable sources. Never visit sites of unknown or questionable integrity. Block external access at the network perimeter to all key systems unless specific access is required. The following is a breakdown of the issues being addressed this month: Cumulative Security Update for Microsoft Browsers Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8583) MS Rating: Critical. A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. READ MORE