https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8475
CVE-2018-8475 | Windows Remote Code Execution Vulnerability
Security Vulnerability
Published: 09/11/2018
MITRE CVE-2018-8475
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code.
To exploit the vulnerability, an attacker would have to convince a user to download an image file.
The update addresses the vulnerability by properly handling image files.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8475
[quote]CVE-2018-8475 | Windows Remote Code Execution Vulnerability
Security Vulnerability
Published: 09/11/2018
MITRE CVE-2018-8475
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code.
To exploit the vulnerability, an attacker would have to convince a user to download an image file.
The update addresses the vulnerability by properly handling image files.
[/quote]
Firedoes it not get downloaded via regular windows update?
Yes it will be. It may be queued or awaiting an automatic update check, so you may prefer to request a manual one.
[quote=Fire]does it not get downloaded via regular windows update?[/quote]
Yes it will be. It may be queued or awaiting an automatic update check, so you may prefer to request a manual one.
Firedoes it not get downloaded via regular windows update?
Yeah but most people click "remind me later" for at a least month before updating.
[quote=Fire]does it not get downloaded via regular windows update?[/quote]
Yeah but most people click "remind me later" for at a least month before updating.
it'll probably update for me right in the middle of scrims, no worries here
it'll probably update for me right in the middle of scrims, no worries here
wolsneRussianGuyovichTo exploit the vulnerability, an attacker would have to convince a user to download an image file.
Is it image files as in .png/.jpeg or image files as in disk images?
There's a huge difference and the cve page doesn't specify which it is
image files, it's a cve in the GDI+ library which handles thumbnails, font rendering and so on for windows iirc
[quote=wolsne][quote=RussianGuyovich]
To exploit the vulnerability, an attacker would have to convince a user to download an image file.
[/quote]
Is it image files as in .png/.jpeg or image files as in disk images?
There's a huge difference and the cve page doesn't specify which it is[/quote]
image files, it's a cve in the GDI+ library which handles thumbnails, font rendering and so on for windows iirc
[img]http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/7132968_orig.jpg?211[/img]
I have no fear