There has been a common vulnerabilities and exposures (CVE) fixing trend in 2020 Patch Tuesdays. For instance, Microsoft has patched roughly more than 100 vulnerabilities per month in recent bulletins. Similarly, the July update issues 123 patches, including fixes in RemoteFX vGPU, Microsoft Office, Microsoft Windows, OneDrive, and Jet Database Engine.
The patches address 18 vulnerabilities rated Critical and 105 that were rated Important in severity. A total of eight CVEs were disclosed through Trend Micro’s Zero Day Initiative (ZDI) program.
While none of the vulnerabilities were listed as under active attack at the time of release, among the bugs addressed this month is the “wormable” Critical-rated remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) Servers (designated as CVE-2020-1350). An affected system that receives a specially crafted request could allow unauthenticated code execution at the level of a Local System account.
Since Windows servers configured as DNS servers are usually also domain controllers, users should prioritize patching this flaw. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
.NET Framework, SharePoint Server, and Visual Studio RCE
This month’s security releases include a fix for an RCE vulnerability (CVE-2020-1147) in Microsoft .NET Framework, Visual Studio, and collaborative platform SharePoint. Users with affected installations are urged to immediately apply the update to address potential risks.
The vulnerability is concerned with the way the source markup of XML file input is validated. If left unpatched, an attacker ..
Support the originator by clicking the read the rest link below.
