Skip to main content



February 13, 2018

Importance: Critical

Resources affected:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- Adobe Flash


The monthly publication of Microsoft security updates this month consists of 52 vulnerabilities, 14 classified as critical and 38 as important, the rest being medium or low severity.


Install the corresponding update. On the installation information page for security updates, the different update methods are reported.


Security vulnerabilities of the following types have been published in the security update bulletin for the month of February:

- Privilege escalation
- Information divulgation.
- Remote code execution
- Evasion of security.
Recent posts

Red Hat - Fedora Best battery performance

From the development team, there have been improvements that introduced improvements in battery life.

The first one is related to the Bluetooth and USB management interfaces. As long as they are not necessary. That is, it is not used, it can be used in suspension mode to avoid the unnecessary consumption of energy. Indicate that this does not cause an appearance of conflicts with peripherals that enter in suspension mode and do not recover from this state, something that has already been seen as it happens in Windows.

From the development group of Red Hat also opt to activate the automatic suspension of Intel HDA codecs. To this, they add the driver modification of the SATA and i915 interfaces.


EXIM Remote code Execution

Exim versions 4.80 (Base, .1), 4.82 (Base), 4.83 (Base), 4.84 (Base), 4.85 (Base), 4.86 (Base), 4.87 (Base), 4.88 (Base), 4.89 (Base) y 4.90 (Base)


A high severity vulnerability has been published that could allow a remote attacker to execute arbitrary code on affected systems.



By sending a specially crafted message, an attacker could cause a buffer overflow that results in the execution of arbitrary code on the affected system. The CVE-2018-6789 identifier has been reserved for this vulnerability.

Meltdown and Spectre

Meltdown and Spectre exploit critical vulnerabilities in some of the main processor brands. These hardware vulnerabilities allow programs to steal data which is currently processed or in use on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get information stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal data: photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work all kind of devices: on personal computers, mobile devices, and in the cloud.