Microsoft has issued its Patch Tuesday release for October that contains fixes for five zero-day vulnerabilities among a total of 45 flaws that the 10 bulletins are intended to fix.
One of the patches is for a flaw being exploited by the AdGholas malvertising campaign, six months after security software company Proofpoint and researcher Kafeine detected and reported the flaw.
Proofpoint claimed that, although the firm (along with Kafeine) identified the vulnerability in April, it had probably already been exploited for several months by AdGholas to propagate ransomware by slipping in the exploits via ads inserted into widely used advertising networks.
"Threat actors are increasingly turning to software vulnerabilities that don't just let them install malware onto a system through drive-by downloads but let them hide their actions from researchers," said Kevin Epstein, vice president of the threat operations centre at Proofpoint.
Exploit kit activity has dropped off since 2015, he added, but the activity that is still going on is increasingly sophisticated, "using advanced filtering to pull in users most likely to be infected and provide the best return on investment for threat actors".
The fixes are being sent to users' PCs rolled up into one download, which means that many end users won't get to pick and choose, while systems administrators will have the headache of managing multi-terabytes of data suddenly hitting the network at the same time.
The Microsoft Security Bulletin Summary for October 2016 lists the key fixes as follows:
- MS16-118 is a cumulative update for IE. This addresses 11 vulnerabilities, including remote code execution flaws, information disclosure vulnerabilities and two elevation of privilege
- MS16-119 is a cumulative security update for Microsoft Edge that fixes 13 vulnerabilities in Microsoft's latest browser
- MS16-120 is a security update for the Microsoft Graphics Component that should resolve vulnerabilities in a series of Microsoft applications, including Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync and Silverlight
- MS16-122 is another patch to resolve remote code execution flaws, this time in Microsoft Video Control
- MS16-127 is a security update for Adobe Flash Player that resolves a remote code execution flaw.
Karl Sigler, threat intelligence manager at Trustwave, described the hit list as "the usual suspects, namely Internet Explorer, Edge, Graphics Component, Adobe Flash and the Microsoft Office suite".
He also highlighted a rare 'Moderate' rated threat (MS16-126) that would enable attackers to test for the presence of files on a file system to make sure that a PC isn't running anything that might detect their malware before conducting an all-out assault. µ
Mark Vartanyan was working for Norwegian e-healthcare firm Dignio when he was arrested
Samsung can't see a way to profitably compete against Amazon and Google
Fix being rushed out - but not quite as quickly as an ambulance to an emergency
Massive miner Rio Tinto claims 20 per cent of pit-to-port train kilometres in Australia are now driverless
Rio Tinto today, TfL tomorrow?