three vulnerabilities in a component of systemd, a system and service manager used in most major Linux distributions. Patches for the three flaws – CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 – should appear in distro repos soon as a result of coordinated disclosure. However, Linux distributions such as Debian remain vulnerable at the moment, depending on the version you have installed. "They're aware of the issues and they're releasing patches," said Jimmy Graham, director of product management at Qualys, in a phone interview with The Register. "I don't believe Red Hat has released one but it should be coming shortly." The bugs were found in systemd-journald, a part of systemd that handles the collection and storage of log data. The first two CVEs refer to memory corruption flaws while the third involves an out-of-bounds error that can leak data. CVE-2018-16864 can be exploited by malware running on a Linux box, or a malicious logged-in user, to crash and potentially hijack the systemd-journald system service, elevating access from user to root. CVE-2018-16865 and CVE-2018-16866 can be exploited together by a local attacker to crash or hijack the root-privileged journal service. While systemd isn't universally beloved in the Linux community, Graham sees nothing unusual about the presence of the three flaws in the software. "The noteworthiness to me is that it is very commonly found in most major distributions," he said.
Qualys contends all systemd-based Linux distros are vulnerable, though the vulnerabilities cannot be exploited in SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29 because their user-land code is compiled with GCC's -fstack-clash-protection option. The security biz calls it a simplified stack clash – where the size of the stack gets changed to overlap with other memory areas – because it only requires the last two steps in a four-step process: clashing the stack with another memory region, moving the stack pointer to the stack start, jumping over the stack guard page into another memory region, and smashing the stack or memory space. The third bug, CVE-2018-16866, appeared in June 2015 (systemd v221) and, Qualys says, was fixed inadvertently in August 2018. In code where the flaw still exists, it could allow an attacker to read out-of-bounds information, resulting in information leakage. "The risk [of these issues] is a local privilege escalation to root," said Graham. "It's something that should still be a concern because usually attackers don't just use one vulnerability to comprise a system. They often chain vulnerabilities together."
Microsoft rolled out 60 patches for its Patch Tuesday release, impacting 19 critical flaws and 39 important flaws. Microsoft has rolled out its August Patch Tuesday fixes, addressing 19 critical vulnerabilities, including fixes for two zero-day vulnerabilities that are under active attack. Overall, the company patched a total of 60 flaws, spanning Microsoft Windows, Edge, Internet Explorer (IE), Office, .NET Framework, ChakraCore, Exchange Server, Microsoft SQL Server and Visual Studio. Of those, 19 were critical, 39 were rated important, one was moderate and one was rated low in severity. The patch release includes two exploited flaws, CVE-2018-8373 and CVE-2018-8414, which were previously disclosed by researchers. The first zero-day, CVE-2018-8373, could result in remote code execution (RCE) and grants the same privileges as a logged-in user, including administrative rights. The vulnerability exists in IE 9, 10 and 11, impacting all Windows operating systems from Server 2008 to Windows 10. Meanwhile, CVE-2018-8414 also enables RCE with the privileges of the logged-in user, and exists on Windows 10 versions 1703 and newer, as well as Server 1709 and Server 1803. "The two zero-day vulnerabilities are … publicly disclosed and exploited," said Chris Goettl, director of product management, security, for Ivanti, in an email. "CVE-2018-8373 is a vulnerability that exists in the way that the scripting engine handles objects in memory in Internet Explorer.
CVE-2018-8414 code-execution vulnerability exists when the Windows Shell does not properly validate file paths." Microsoft also issued fixes for security issues that don't impact Windows, but the company thought they were important enough to package into its OS updates, dubbed advisories. Microsoft's Patch Tuesday comes after the company found itself in hot water last month after its new update model caused stability issues for Windows operating systems and applications, particularly in July. The model irked customers so much that enterprise patching veteran Susan Bradley wrote an open letter to Microsoft executives expressing the "dissatisfaction your customers have with the updates released for Windows desktops and servers in recent months."
Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances. The researcher published his findings yesterday, after reporting the flaw to the WordPress security team last July. After more than ten months and no progress, Golunski decided to go public and inform WordPress site owners of this issue so they could protect their sites by other means. The issue, tracked via the CVE-2017-8295 identifier, affects all WordPress versions and is related to how WordPress sites put together the password reset emails. According to Golunski, an attacker can craft a malicious HTTP request that triggers a tainted password reset operation by injecting a custom SERVER_NAME variable, such as "attacker-domain.com". This means that when the WordPress site puts together the password reset email, the "From" and "Return-Path" values will be in the form of "wordpress@attacker-domain.com". Most users would think this zero-day is useless, as the attacker wouldn't achieve anything more than sending a password reset email to the legitimate site owner, but from the wrong Sender address. These complex exploitation scenarios are most likely the main reason why the WordPress team has not prioritized patching this issue until now. The same opinion is shared by security experts from Sucuri, a vendor of web-based security products, recently acquired by GoDaddy.
"The vulnerability exists, but is not as critical as advertised for several reasons," said Sucuri vulnerability researcher Marc Montpas. "The whole attack relies on the fact that the victim's email is not accessible at the time the attack is occurring, which greatly reduces the chance of a successful attack." His colleague, Denis Sinegubko, also shared his thoughts on the issue. "After a brief reading and assuming the attack works, it has limited impact as it requires an individual site to be accessible by IP address, so will not work for most sites on shared servers. Only for poorly configured dedicated servers." "The whole attack scenario is theoretically possible but in practice, I don't see thousands of sites getting hacked because of this vulnerability any time soon," Montpas added. But if some users are not willing to take risks, webmasters managing high-value sites looking for a way to prevent exploitation of this zero-day have some options at their disposal. "As a temporary solution users can enable UseCanonicalName to enforce [a] static SERVER_NAME value," Golunski proposes. On Reddit, other users also recommended that site owners "create a dummy vhost that catches all requests with unrecognized Host headers." Depending on your technical prowess, you can also experiment with other mitigations discussed in this Reddit thread, at least until the WordPress team patches this issue.
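The two mitigations quoted above, combined in one Apache 2.4 configuration. This is an added example, not taken from Golunski's advisory or the Reddit thread; the hostnames www.example.com, example.com and catchall.invalid and the path /var/www/wordpress are placeholders.

```apache
# Constructed example; hostnames and paths are placeholders.

# 1. Dummy catch-all vhost. With name-based virtual hosting, Apache hands a
#    request to the first <VirtualHost> defined for the address when no
#    ServerName or ServerAlias matches the Host header, so this block must
#    be loaded before the real site. It refuses every request it receives.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# 2. The WordPress site. Only requests whose Host header matches
#    ServerName or ServerAlias reach this vhost.
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot "/var/www/wordpress"

    # With the default (Off), SERVER_NAME is built from the client-supplied
    # Host header. On makes Apache use the ServerName directive instead, so
    # the value PHP sees is static.
    UseCanonicalName On
</VirtualHost>
```

A site served over HTTPS needs the same pair of vhosts on port 443. After a reload, a request carrying an unrecognized Host header should be answered with 403 by the first vhost.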