The last Patch Tuesday of the year brings another fresh batch of fixes for Microsoft products and while the number may be lower the patches are no less important.
In the last Patch Tuesday of the year Microsoft has rolled out fixes to no fewer than 58 vulnerabilities across more than ten products including Windows and other Microsoft software.
Nine flaws have received the highest severity rating of “critical”, while 46 received a rating of “important” andthree were rated as “moderate”. It is important to note that none of the bugs that were a part of the patch roll out were listed as publicly known or have been under active exploitation at the time of the release.
Per this summary by the SANS Technology Institute, 22 remote-code execution holes have been plugged as part of this month’s bundle of security patches. This includes two critical vulnerabilities in Microsoft SharePoint, CVE-2020-17118 and CVE-2020-17121, where exploitation is seen as more likely by the Redmond tech giant.
While Microsoft didn’t disclose many details regarding CVE-2020-17118, they went on regarding the latter to describe a possible attack vector saying “In a network-based attack an attacker can gain access to create a site and could execute code remotely within the kernel. The user would need to have privileges.”
Another RCE vulnerability that merits mentioning resides in Microsoft’s Hyper-V whi ..
Support the originator by clicking the read the rest link below.
