By Jon Munshaw.
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products.
Twenty-three of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs. The security updates cover several different products including the Microsoft Office suite of products, Windows Media Audo Decoder and the Hyper-V virtual machine software.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory
here.
One of the most severe vulnerabilities exists in Microsoft COM.
CVE-2020-0922 received a CVSS severity score of 8.8 out of a possible 10. An adversary could exploit this bug to gain the ability to remotely execute code on the victim machine after a user opens an attacker-controlled web page that contains specially crafted JavaScript.
A similar attack vector could allow a user to exploit
CVE-2020-1508 and
CVE-2020-1593, both code execution bugs in Media Audio Decoder. If a user visits a specially crafted, attacker-controlled web page, the attacker could then take control of the affected system.
The ChakraCore scripting engine also contains two remote code execution vulnerabilities that an attacker could use to execute code i ..
Support the originator by clicking the read the rest link below.
