By Jon Munshaw.
Microsoft released its monthly security update Tuesday, disclosing 120 vulnerabilities across its array of products.
Sixteen of the vulnerabilities are considered “critical,” including one that Microsoft says is currently being exploited in the wild. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products including Microsoft Media Foundation, the Windows Registry and Microsoft Outlook.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.
Microsoft Media Foundation contains the largest number of these critical vulnerabilities. The bugs (CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525 and CVE-2020-1554) could all allow an adversary to corrupt memory in a way that would allow them to execute code remotely on the victim machine. Any of these vulnerabilities could be triggered if the target opens a specially crafted document or web page.
The Microsoft Scripting Engine also contains two similar vulnerabilities (CVE-2020-1380 a ..
Support the originator by clicking the read the rest link below.
