By Jon Munshaw, with contributions from Alex McDonnell and Nick Biasini.
Microsoft released its monthly security update Tuesday, disclosing more than 100 vulnerabilities across its array of products.
Fourteen of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products including the SharePoint document management system, Azure Sphere and the Windows camera codec, which allows users to view a variety of video files on their machines.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.
Talos would like to specifically highlight two remote code execution vulnerabilities in SharePoint. CVE-2020-16951 and CVE-2020-16952 exists when SharePoint improperly checks the source markup of an application package. An adversary could exploit these bugs to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
There are also two newly discovered vulnerabilities in the Windows 10 operating system that could allow a remote, unauthenticated attacker to send a crafted IPv6 packet and either crash a Windows system (CVE-2020-16899) or execute code on the target system (CVE-2020-16898). CVE-2020-16898 is more likely to be ..
Support the originator by clicking the read the rest link below.
