By Jon Munshaw.
Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products.
While none of the vulnerabilities disclosed have been exploited in the wild, users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation.
The security updates cover several different products including the VBScript engine, SharePoint file-sharing service and GDI+.Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.
One of the most urgent patches concerns CVE-2020-1248, a remote code execution vulnerability in the Windows Graphics Device Interface (GDI). An attacker could exploit this vulnerability by either tricking the user into opening a specially crafted web page or a malicious file via social engineering techniques. If successful, the attacker could then leverage the vulnerability in a way that would give them full control of the affected system in the context of the current user. CVE-2020-1248 has a CVSS of 8.4 out of 10.
Microsoft Excel also contains two remote code execution vulnerabilities — CVE-2020-1225 and CVE-2020-1226. Microsoft considers both bugs “important.” An adversary can exploit this vulnerability by tricking a user into opening a specific E ..
Support the originator by clicking the read the rest link below.
