Microsoft fixed 87 security vulnerabilities in Windows and other software during its monthly Patch Tuesday update cycles. Twelve of the bugs fixed were identified as critical. There are no zero days among the fixed security vulnerabilities.
From the 87 security vulnerabilities Twelve are rated ‘critical’ by Microsoft. 74 are ‘important’ and 1 bug was’moderate‘. There were no zero days among the bugs. Microsoft fixed the bugs in Windows, but also in Microsoft Office, Azure, the Windows Media Player, Adobe Flash Player and Visual Studio. Several bugs have also been fixed in the Windows kernel, although none have been identified as critical.
Ten of the twelve critical problems made one remote code execution possible. So made a TCP / IP bug possible to execute code remotely. This could be exploited by attackers by sending an infected ICMPv6 package to a vulnerable system. McAfee published a blog post about the bug, which the company calls ‘Bad Neighbor’. According to a proof-of-concept that McAfee published, exploiting the bug is “extremely simple.”
Remote code execution was also possible via Outlook, and could be exploited by sending a special email. Victims only needed to show this infected e-mail in the preview window to install malware. CVE-2020-16911, which was included in the Windows Graphics Device Interface, further made it possible, for example, to create an infected website, after which attackers can execute code on visitors’ devices. With CVE-2020-16891 users of a Hyper-Vvirtual machine Run commands on the OS of the host system.
Microsoft rolls out the updates to different Windows versions, such as Windows 10, Windows Server, and Windows 8.1. Extended security users of Windows 7 can also expect the update.
–