Apple Launches iOS 11.3: European Data Protection Regulation GDPR: Launches major privacy push, with software updates across all its devices to introduce new data privacy information immediately, with an updated website offering new privacy management tools to follow in May according to a report on Thursday #AcePCHelpNews

#AceNewsReport – Mar.30: Thursday’s updates (macOS 10.13.4, iOS11.3 and tvOS 11.3) are prompted by the enormous new European data protection regulation GDPR, and have been in the works since at least January: But they come at a good time for the company, whose head Tim Cook has been merrily capitalising on the Facebook/Cambridge Analytica scandal publicly rebuking Mark Zuckerberg over the social network’s business model #AceNewsDesk reports

For users of the company’s devices, the biggest change will be the introduction of a unified data privacy iconography, which now shows up alongside detailed information about how Apple uses personal data for its various first-party services. “Apple believes privacy is a fundamental human right,” the company will tell every user the first time they turn on their devices after the update, “so every Apple product is designed to minimise the collection and use of your data, use on-device processing whenever possible, and provide transparency and control over your information.”

What is GDPR?

For users of the company’s devices, the biggest change will be the introduction of a unified data privacy iconography, which now shows up alongside detailed information about how Apple uses personal data for its various first-party services. “Apple believes privacy is a fundamental human right,” the company will tell every user the first time they turn on their devices after the update, “so every Apple product is designed to minimise the collection and use of your data, use on-device processing whenever possible, and provide transparency and control over your information”.

Although the new features are prompted by GDPR, they are rolling out to users worldwide, and the company proudly notes that it has not had to change any of its software to comply with the new regulations. Unlike competitors such as Google, who operate on the principle that large scale data collection bestows an advantage in areas such as machine learning and transport planning, Apple has repeatedly argued that it has a responsibility to minimise data collection.

Speaking on Wednesday, Cook said “We could make a ton of money if we monetised our customers, if our customers were our product … We’ve elected not to do that. We’re not going to traffic in your personal life. Privacy to us is a human right, a civil liberty.”

In May, shortly before GDPR takes effect, Apple will also update its website to make it easier for users to exercise four key rights granted by the regulation: getting a copy of their data; requesting a correction to their data; deactivating their accounts; and deleting their accounts.

The company sees an opportunity to distinguish from competitors there too: deactivation, in particular, is a much stronger implementation than in other platforms. It removes the user’s information from all aggregated data stores, isolating their accounts but stopping short of deleting them.

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

Advertisements

Microsoft’s Meltdown Patch Made Windows 7 PCs More Insecure: Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system’s kernel memory #AcePCHelpNews

#AceNewsDesk – Mar.29: For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft: Shortly after the researchers disclosed the Spectre and Meltdown exploits, software vendors, including Microsoft, started releasing patches for their systems running a vulnerable version of processors #AceNewsDesk reports
microsofts-meltdown-vulnerability

However, an independent Swedish security researcher Ulf Frisk found that Microsoft’s security fixes to Windows 7 PCs for the Meltdown flaw—which could allow attackers to read kernel memory at a speed of 120 KBps—is now allowing attackers to read the same kernel memory at a speed of Gbps, making the issue even worse on Windows 7 PCs and Server 2008 R2 boxes https://t.me/TheHackerNewsRSS/671

Frisk is the same researcher who previously discovered a way to steal the password from virtually any Mac laptop in just 30 sec by exploiting flaws in Apple’s FileVault disk encryption system, allowing attackers to unlock any Mac system and even decrypt files on its hard drive.

The discovery is the latest issue surrounding Meltdown and Spectre patches that were sometimes found incomplete and sometimes broken, making problems such as spontaneous reboots and other ‘unpredictable’ system behavior on affected PCs.

According to Frisk, the problem with MS’ early Meltdown fixes occurs due to a single bit (that controls the permission to access kernel memory) accidentally being flipped from supervisor-only to any-user in a virtual-to-physical-memory translator called PLM4, allowing any user-mode application to access the kernel page tables.

The PML4 is the base of the 4-level in-memory page table hierarchy that Intel’s CPU Memory Management Unit (MMU) uses to translate the virtual memory addresses of a process into physical memory addresses in RAM.

The correctly set bit normally ensures the kernel has exclusive access to these tables.

“The User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself,” Frisk explains in his blog post.

To prove his claim, Frisk also provided a detailed breakdown and a proof-of-concept exploit. The issue only affects 64-bit versions of Windows 7 and Windows Server 2008 R2, and not Windows 10 or Windows 8.1 PCs, as they still require attackers to have physical access to a targeted system.

Buggy Patch Allows to Read Gigabytes of Data In a Second

Also since the PML4 page table has been located at a fixed memory address in Windows 7, “no fancy exploits” are needed to exploit the Meltdown vulnerability.

“Windows 7 already did the hard work of mapping in the required memory into every running process,” Frisk said. “Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required – just standard read and write!”

Once read/write access has been gained to the page tables, it would be “trivially easy” to gain access to the entire physical memory, “unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization,” Frisk said.

All attackers have to do is to write their own Page Table Entries (PTEs) into the page tables in order to access arbitrary physical memory.

Frisk said he has not been able to link the new vulnerability to anything on the public list of Common Vulnerabilities and Exposures. He also invited researchers to test the flaw using an exploit kit he released on GitHub.

The issue with the Microsoft’s Meltdown patch has been fixed by the company in its March Patch Tuesday, so all admins and users of Windows 7 and Windows 2008R2 are strongly recommended to update their systems as soon as possible.

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

Released in the stable channel this week, Chrome 65 brings 45 security fixes, including 27 patches for vulnerabilities discovered by external researchers: #AcePCHelpNews

#AceNewsDesk – Mar.10: The browser also includes an updated JavaScript engine, namely V8 version 6.5. Announced in early February and initially made available in Chrome 65 Beta, the new V8 engine includes an untrusted code mode meant to mitigate the latest speculative side-channel attack called Spectre.#AceNewsDesk reports

The 27 vulnerabilities reported by researchers include 9 security flaws assessed with a High severity rating, 15 bugs considered Medium risk, and 3 issues with a Low severity rating.

Google rewarded the researchers over $34,000 in bug bounties, but hasn’t provided details on all payouts in the published advisory.

The most important of the addressed bugs are two High risk use after free in Flash (CVE-2018-6058 and CVE-2018-6059). Both were reported by JieZeng of Tencent Zhanlu Lab in August 2017 and were awarded a $5,000 bounty each.

Google also addressed a Use after free in Blink (CVE-2018-6060) and a Race condition in V8 (CVE-2018-6061) – two High severity flaws awarded $3,000 each –, as well as a Heap buffer overflow in Skia (CVE-2018-6062) – awarded $1,000.

Other High risk issues resolved in Chrome 65 include two incorrect permissions on shared memory bugs, one Type confusion in V8, and one Integer overflow in V8.

The most important of the Medium risk issues was CVE-2018-6066, a Same Origin Bypass via canvas that was awarded a $4,000 bounty.

Other Medium severity issues addressed in this release include Buffer overflow in Skia, Object lifecycle issues in Chrome Custom Tab, Stack buffer overflow in Skia, CSP bypass through extensions, Heap buffer overflow in Skia, Integer overflow in PDFium, Heap buffer overflow in WebGL, and Mark-of-the-Web bypass.

Google also addressed an overly permissive cross origin download, incorrect handling of URL fragment identifiers in Blink, a timing attack using SVG filters, URL Spoof in OmniBox, Information disclosure via texture data in WebGL, and Information disclosure in IPC call.

The three Low risk bugs resolved in the browser include XSS in interstitials, circumvention of port blocking, and incorrect processing of AppManifests.

The new application release is available for download as version Chrome 65.0.3325.146 for Windows, Mac and Linux computers. Chrome for Android has been updated as well, now available as version 65.0.3325.109.

Released in the stable channel this week, Chrome 65 brings 45 security fixes, including 27 patches for vulnerabilities discovered by external researchers http://ift.tt/2tokdr5

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

You Can Use A VPN To Battle ISP Net Neutrality Abuse: The FCC’s butchery of net neutrality has become law, and people are turning to virtual private networks to preserve their privacy and access: VPN: Why you should hide your IP address ? #AcePCHelpNews

#AceNewsDesk – Mar.03: The Republican-dominated Federal Communications Commission (FCC) has destroyed net neutrality: While there are efforts from the Senate to local governments to restore net neutrality, in the meantime, we’re still stuck with ISPs that can control how much bandwidth we get to a particular site and who can spy on your web traffic. One answer we can use today to reclaim some of our freedom are virtual private networks (VPNs) #AceNewsDesk reports

The need for such services is becoming clear, as ISPs are starting to break net neutrality. AT&T is leading the destruction of net neutrality. Despite its claims to the contrary, AT&T is preparing to implement fast and slow lanes. Its “free” lanes are with the Sponsored Data plan for AT&T video services such as DirecTV Now.

These changes foreshadow more drastic damage to net neutrality. Under the FCC’s new rules, for example, an ISP could charge you more if you watched Netflix instead of Hulu. Or, it could slow your Sling TV video while allowing YouTube TV to run at full speed.

Don’t think ISPs would do this? Think again. It’s already happened. In 2012, AT&T banned Apple FaceTime on its networks. And, in 2014, Verizon slowed down Netflix traffic.

In addition, the Electronic Frontier Foundation (EFF) has pointed out that you can expect your ISP to sell your data to marketers; hijack your searches; snoop through your traffic to add yet more ads; and inject undetectable, non-deletable tracking cookies in all of your HTTP traffic. These are all things ISPs have done before — and free of regulation, they’ll do even more of it.

What can you do? Turn to a VPN.

With a VPN service, your ISP can’t see your your network traffic, so it can’t tell where you’re going or what services you’re using. Verizon, which owns Yahoo, won’t be able to tell, for instance, that you’re using Google for your searches. And, of course, since your ISP can’t read your traffic, it can’t sell your information or place targeted ads in it.

Your ISP should — note I said should — treat your VPN traffic as ordinary traffic. In some countries, notably China and Russia, VPNs are tightly controlled or banned. It’s possible ISPs or President Donald Trump’s government may yet try similar things with US VPNs, but they haven’t tried this yet.

In the meantime, some people have already turned to VPNs to protect themselves from their ISPs. Ariel Hochstadt, former Gmail marketing manager and present internet entrepreneur, noticed that just the FCC’s first moves to kill off net neutrality in April 2017 caused a 170-percent increase in VPN sales. In an interview, David Gorodyansky, CEO of Anchor Free, the parent company of the HotSpot Shield VPN, said he saw a spike in VPN sales after the FCC’s anti-net neutrality moves.

NordVPN claimed, “A VPN service gives access to the internet without throttling and censorship – the way it’s supposed to be.” It’s right.

You Can Use A VPN To Battle ISP Net Neutrality Abuse

#AceRelatedNews

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

23,000 HTTPS Certificates will be axed in next 24 hours after private keys leak: In future, Trustico will flog Comodo HTTPS certificates rather than peddle Symantec-branded certs #AcePCHelpNews

#AceNewsDesk – Mar.01: Customers of HTTPS certificate reseller Trustico are reeling after being told their website security certs – as many as 23,000 – will be rendered useless within the next 24 hours #AceNewsDesk reports

This is allegedly due to a security blunder in which the private keys for said certificates ended up in an email sent by Trustico. Those keys are supposed to be secret, and only held by the cert owners, and certainly not to be disclosed in messages. In the wrong hands, they can be used by malicious websites to masquerade as legit operations……Unless the affected certificates are replaced in time, visitors to websites using Trustico-sold HTTPS certs will be turned away by their browsers, due to the digital certificates being revoked……The whole situation is a mess, and possibly the result of a turf war. Here’s what we’ve managed to ascertain.

What is Trustico?

Trustico, based in Croydon, UK, touted SSL/TLS certificates, which are used by websites to encrypt and secure their connections. It resold certs from the Symantec brand umbrella: Symantec, GeoTrust, Thawte, and RapidSSL. This umbrella is now owned and operated by DigiCert……If you wanted to buy, say, a RapidSSL-issued certificate, you could do so via Trustico. The HTTPS cert ultimately leads back, along a chain of trust, to DigiCert, a root certificate authority trusted by web browsers and other software. In turn, the website presenting the Trustico-sold cert is trusted, its traffic secured using encryption, and the reassuring green padlock is displayed in visitors’ browsers.

Why are the certificates being revoked?

According to DigiCert’s chief product officer Jeremy Rowley earlier today, Trustico told DigiCert in early February that its resold certificates had been “compromised,” and that the certs needed to be mass revoked as a result……DigiCert staff, we’re told, asked Trustico for more information on this security mishap. The reseller replied it had a copy of the private keys, which is usually grounds for revocation, and thus insisted that DigiCert revoke the certificates…….When pressed for evidence, Trustico on Wednesday simply emailed DigiCert 23,000 certificates’ private keys as proof it held this information, it is claimed. This forced DigiCert’s hand: under the rulebook of standards set by the elders of the certificate security and browser worlds, the Trustico-sold certificates had to be revoked as a precaution within 24 hours. Specifically, the ones with their private keys in the email will be canceled…….”Trustico has not provided any information about how these certificates were compromised or how they acquired the private keys,” explained Rowley…….”As is standard practice for a Certificate Authority, DigiCert never had possession of these private keys. Currently, we are only revoking the certificates if we received the private keys. There are additional certificates the reseller requested to have revoked, but DigiCert has decided to disregard that request until we receive proof of compromise or more information about the cause of this incident.”

On Twitter, Rowley continued: “I’ll likely be posting the private keys later once people have a fair chance to replace their certificates … The allegation of compromise, keys compromised, and request for revocation all came from Trustico.”…….Before you raise an eyebrow too high, by posting the private keys, Rowley plans to disclose self-signed certificates, produced using the private keys, to prove the secret information was sent to DigiCert without revealing the actual information in public. Some have already popped online as proof DigiCert received the secret keys from Trustico.

Alarm bells

To warn netizens to the upcoming mass revocation, DigiCert’s RapidSSL business sent out email alerts to Trustico customers urging them to get new HTTPS certificates or watch their sites go dark. Here’s a copy of the memo, passed to El Reg:

Screenshot of a RapidSSL customer email

Red alert … Click to enlarge

DigiCert also put out a blog post, giving its side of the story:

Trustico requested revocation of their Symantec, GeoTrust, Thawte and RapidSSL certificates, claiming the certificates were compromised. When we asked for proof of the “compromise,” Trustico did not provide details on why they were requesting the immediate revocation. Trustico’s CEO indicated that Trustico held the private keys for those certificates, and then emailed us approximately 20,000 certificate private keys.

When he sent us those keys, his action gave us no choice but to act in accordance with the CA/Browser Forum Baseline Requirements, which mandate that we revoke a compromised certificate within 24 hours. As a CA, we had no choice but to follow the Baseline Requirements.

Following our standard revocation process, we gave notice via email to each certificate holder whose private keys had been exposed to us by Trustico, so they could have time to get a replacement certificate.

Now, over to Trustico.

Upset and denials

We asked the Brit biz for comment, and had yet to hear back at time of writing. However, posting on Mozilla’s security policy newsgroup, Trustico product manager Zane Lucas was clearly upset that DigiCert sent out the above alert…….”We didn’t authorise DigiCert to contact our customers and we didn’t approve the content of their email,” wrote Lucas.

“At no time had any private keys been compromised, nor had we ever informed to you that any private keys had been compromised. During our many discussions over the past week we put it to you that we believe Symantec to have operated our account in a manner whereby it had been compromised. Your usage of the word compromise has been twisted by you to your benefit and is absolutely defamatory.”…….To put this in context: Trustico was fed up with using Symantec certs, and on February 13, it formally abandoned the umbrella of brands – ahead of Google Chrome and Mozilla Firefox officially distrusting the certificates due to past security fumbles by Symantec. Trustico said it had complained privately to Symantec of long-running concerns over the security safeguards on Symantec-branded of certificates, hence Lucas’ reference to its Symantec account.

Although Lucas stressed the private keys for Trustico’s resold certificates were not compromised, it did, according to DigiCert, email a copy of 23,000 of them to the root authority seemingly to trigger their revocation. At that point, DigiCert considered the certificates at risk, and started the countdown clock to cancel them……..Trustico and DigiCert have clearly majorly fallen out, with the pair going their separate ways this month amid the behind-the-scenes drama. It even appears Trustico tried to stop DigiCert from using its online portal to send out today’s emailed warning:

In future, Trustico will flog Comodo HTTPS certificates rather than peddle Symantec-branded certs. Cynics have suggested the Brit reseller ordered the revocation of its Symantec-umbrella certs so it could drive its customers onto Comodo certificates, and thus avoid the looming Google Chrome HTTPS certificate apocalypse without losing many, if any, punters. In effect, website owners have been caught up in a turf war between Trustico and DigiCert………How did Trustico get the private keys to certificates it resold? We don’t know for sure – but it did, and still does, offer an online private key generator for certificates. Just saying…….In an email sent to customers a few hours ago, and seen by The Register, Trustico said it will provide free certificates to replace the soon-to-be-nuked SSL/TLS certs:

Recently we wrote to you to let you know that we are no longer offering Symantec, GeoTrust, RapidSSL and Thawte branded SSL Certificates. Unfortunately, Google Chrome has decided to distrust these SSL Certificates. It’s important to us that you SSL Certificate continues to function as normal, and not be compromised by the distrust of the Symantec brands. It is now required that you replace any existing distrusted SSL Certificate with one that is trusted by all web browsers.

Rest assured, there hasn’t been any type of compromise of our systems. However, Symantec brands will cease to function correctly due to Google Chrome’s decision to distrust them.

Recently DigiCert acquired the Symantec SSL Certificate division and subsequently an e-mail was sent by DigiCert to some of our SSL Certificate customers advising of the revocation of their distrusted SSL Certificate. We didn’t authorise this e-mail to be sent and had specifically disabled it within the DigiCert system. We understand that the e-mail sent about your distrusted SSL Certificates may be confusing. It’s important that you take the opportunity to replace your SSL Certificate as soon as possible.

We’re providing free replacement of affected SSL Certificates. To enable a free replacement, you’ll receive an e-mail report today if you have affected SSL Certificates. Your report will contain a unique coupon code for each affected SSL Certificate. When you replace your distrusted SSL Certificates using your unique coupon codes you’ll receive extra validity free of charge. If you have any questions please feel free to reply to this e-mail.

Meanwhile, DigiCert said it, too, will offer free replacement certs to folks using Symantec-branded HTTPS certificates, which will be ignored by web browsers later this year. And, of course, don’t forget you can grab free HTTPS certificates from Let’s Encrypt that all major browsers trust……..Today has been marred with confusion. Trustico’s customer support lines have been jammed with complaints and queries, following DigiCert’s email alerts. Reg readers told us they felt left in the dark. Perhaps it’ll all be clearer in a few hours, when the dust has settled – and the certs have been nuked. ® 23,000 HTTPS Certs Will Be Axed In Next 24 Hours Amid Bitter Turf War Trustico, DigiCert come to blows as browsers prepare to snub Symantec-brand SSL By John Leyden 1 Mar 2018 at 00:43

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

WordPress Users Warned of Malware Masquerading as ionCube Files: Researchers have found sneaky encoded malware targeting WordPress and Joomla sites that pretends to be ionCube files #AcePCHelpNews

#AceNewsDesk – Mar.01: Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware #AceNewsDesk reports

In the two weeks since it was first discovered, researchers said that the malware has been found on over 800 mostly small business websites running the CMS platforms WordPress, Joomla and CodeIgniter. According to SiteLock, which found the malware, it is unique because the malware is both encoded and formatted to look like a legitimate ionCube file.

IonCube is a commercial PHP scrambler that turns text-based PHP files – used to create dynamic content on websites – into an undecipherable code often to hide the intellectual property associated with licensed PHP files.

Weston Henry, lead research analyst at SiteLock, said the ionCube Malware is similar to malicious base64 encoded PHP eval requests that target website PHP functions and hide inside rogue CMS plugins. Eval is a PHP function capable of executing arbitrary PHP code and often used by hackers to create website backdoors.

“This specific tactic we have never seen before. We have seen a ton of malware samples that have tried to look like specific Joomla or WordPress files. But ionCube is a legitimate encoding and encrypting tool,” Henry said. “So when bad guys obfuscate malware inside fake ionCube files, it amounts to creating eval backdoor access to a website.”

Henry said that it’s unclear how the 800 sites became infected with the ionCube malware, although he suspects that it was likely tied to the use of out-of-date CMS plugins or platform software. “From what we’ve seen, there’s no reason to think that this (malware) couldn’t impact any site that had a vulnerability that a bad actor could identify and compromise.”

“This is particularly hard to identify, especially for any site that might already be using ionCube services,” Henry said.

Researchers said samples identified were named “diff98.php” and “wrgcduzk.php” and found in the WordPress core directories. Upon further inspection, malicious ionCube file code contain subtle differences such as a bogus “il_exec” line rather than the legitimate “_il_exec” line.

“From our findings, there’s a reference to the ioncube.com domain name in some form or another in every legitimate ionCube file, but it is not present in the fake files. Also notice that the fake file has a code block after the PHP closing tags, much like the legitimate ionCube file. But unlike the real file, this code block consists only of alphanumeric characters and newlines,” according to an upcoming SiteLock blog outlining its research.

As for mitigation, besides more heavily scrutinizing ionCube files, SiteLock suggests sites update all CMS plugins and software: // Threatpostby Tom Spring February 27, 2018 , 2:52 pm

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews

#ALERT January 2018 Patch Tuesday security updates fix a zero-day vulnerability in MS Office #AcePCHelp News report

#ALERT 10/01/17: January 2018 Patch Tuesday security updates fix a zero-day vulnerability in MS Office #AceNewsDesk reports

http://ift.tt/2CPnxMp #AcePCHelpNews

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews