Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Alert For Windows 10 Users! Update Your System Immediately to Patch 9 Critical Vulnerabilities!

Microsoft has released a latest security update on Tuesday to patch 9 critical vulnerabilities.  These vulnerabilities has been discovered by security researchers in Internet Explorer, Edge Browser, Microsoft Graphics Component, Microsoft Office, Windows Boot Manager and Windows PDF library. This update has been released by Microsoft to patch total 9 security flaws and 5 of them has been ranked as critical because these flaws are RCE (Remote Code Execution) vulnerabilities.

 

What is Remote Code Execution Vulnerability?

RCE is a critical vulnerability and by exploiting it, cybercriminals could execute remote commands on system. By executing commands remotely they can install malicious softwares and backdoors in the targeted system. A successful Remote Code Execution exploit process may allow hackers to virtually control the system of victim. Hackers may trace each activity of victim through command and control servers.

 

Windows Security Updates of August 2016

Following Vulnerabilities Has Been Fixed by Microsoft in this update:

  • MS16-095 (Internet Explorer)
  • MS16-096 (Edge Browser)
  • MS16-097 (MS Graphic Component)
  • MS16-098 (Kernel Mode Drivers)
  • MS16-099 (MS Office)
  • MS16-100 (Boot Manager)
  • MS16-101 (Windows Authentication Method)
  • MS16-102 (Windows PDF Library)
  • MS16-103 (active SyncProvider)

 

​MS16-095 (Internet Explorer)

This vulnerability was allowing attackers for remote code execution. Hackers need to design a specially crafted webpage and they have to manipulate the victim to see it in Internet Explorer. If they are able to do it successfully, they can take the control of system as admin. They can add new data, remove the old data and can do many other changes. It is a critical vulnerability.

 

MS16-096 (Edge Browser)

Edge Browser was also allowing hackers for Remote code Execution like Internet Explorer. Hackers could use the same process as Internet Explorer in this to manipulate a victim and they can take the administrative rights.

 

MS16-097 (MS Graphic Component)

This vulnerabilities also allows hackers for Remote Code Execution. Hackers could target Windows Users by sending them a special crafted Document and Specially crafted website. This security update will patch this critical security flaw in Skype, Microsoft Lync, Microsoft Windows and Microsoft Business.

 

Also read: Nigerian Mastermind Behind Online Fraud of $60 Million, Has Been Arrested By INTERPOL!

 

MS16-098 (Kernel Mode Drivers)

This vulnerability is related to privilege elevation. Hackers could target users by sending them specially crafted executable file of a malicious application. When user will run that application, hackers can take control of the system.

 

MS16-099 (MS Office)

This is also a critical vulnerability. MS Office is allowing hackers to take control of system. Hackers can send a malicious MS Office File. When victim will click on it, the attached malicious codes will do it work to give the control of system to hackers.

 

MS16-100 (Boot Manager)

This update is important for Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows 10 and Windows RT. This vulnerability is allowing hackers to bypass security features of Windows by installing a specially crafted malicious boot manager into system files of a system.

 

MS16-101 (Windows Authentication Method)

This vulnerability is also related to privilege elevation like MS16-098. Hackers could run an application of joined domain system to target the victims. Elevation of privilege if an attacker runs a specially crafted application on a domain-joined system

 

MS16-102 (Windows PDF Library)

Windows 8.1, Windows 10, Windows RT 8.1 and Windows Server 2012 are infected with this vulnerability. It allows remote code execution through PDF files. Hackers could send malicious PDF files to victim. When victim will open it or see it online, the control of system will be in the hands of attackers.

 

MS16-103 (Active SyncProvider)

At the failure of secure connection establishment process in universal outlook. This is an information disclosure vulnerability.

 

Install these security updates as soon as possible for your systems security!

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.