By Jon Munshaw, with contributions from Joe Marshall.
Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month when Microsoft disclosed one of their lowest vulnerability totals in months.
Eighteen of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important,” with two also considered of “low” importance. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products and services, including the HEVC video file extension, the Azure Sphere platform and Microsoft Exchange servers.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.
One of the most serious vulnerabilities exists in the Windows Network File System. CVE-2020-17051 received a CVSS severity score of 9.8 out of a possible 10. An adversary could exploit this vulnerability to execute remote code on the victim machine, without any user interaction or stolen credentials from the victim machine.
There is also a remote code execution vulnerability (CVE-2020-17042) in the Windows print spooler features, one of the oldest features across Windows machines. This vulnerability affects versions of the Windows operating system and Windows Server dating back several years, including some versions of Windows 7 and Windows Server 2008.
The Microsoft scriptin ..
Support the originator by clicking the read the rest link below.
