Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again
Intel is rolling out updates
–
known as SGAxe and CrossTalk -- that address exploits targeting the Software Guard Extension in Intel processors, but they are not necessarily installed automatically.
Microsoft fixes 129 bugs in largest patch release
Eleven of the bugs addressed are categorized as Critical, and 118 are classified Important. The vulnerabilities exist in Microsoft Windows, Internet Explorer, Edge browser, ChakraCore, Office, Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps, and Microsoft Apps for Android. None are publicly known or under active attack.
U.S. Homeland Security issues Windows 10 warning
Windows 10 users who have not installed updates are vulnerable to an exploit known as SMBGhost, which affects the component that links Windows with file servers, printers and other devices. The warning comes from the Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), whose cybersecurity advisory unit discovered exploit code for the "wormable" bug online.