You may forget about a Tuesday chore, but Microsoft never forgets to release an update on Tuesday. It’s a new month, so another Patch Tuesday update has arrived for Windows 10 and other products.
This time, Redmond has managed to fix 115 security loopholes that might have affected users otherwise.
Out of these, Microsoft has flagged 26 vulnerabilities as critical that could have allowed attackers to leverage remote code executions. Hence, it is important to install the new Microsoft update. March 2020 Patch Tuesday is possibly the biggest Patch Tuesday the company has ever released.
The update fixes a flaw (CVE-2020-0852) in Microsoft Word, where the software fails to handle objects in the memory. This allows the attacker to run arbitrary code without needing the user to open a malicious file. That’s because the MS Outlook preview pane (that loads documents automatically) can be used as an attack vector.
Application Inspector is a relatively new Windows component that got affected by an RCE vulnerability (CVE-2020-0872). Although exploitation is less likely, the vulnerability exists in the way “the tool reflects example code snippets from third-party source files into its HTML output.”
An attacker can convince the user to run the Application Inspector on a source code that includes a malicious third-party component. Apparently, the Application Inspector is a source code analyzer tool that, among other jobs, can help in the detection of malicious backdoors and increased attack surfa ..
Support the originator by clicking the read the rest link below.
