July : Microsoft Patches Over 100 Vulnerabilities


July has brought another large set of patches from Microsoft for patch Tuesday. This month  123 patches were released for CVEs and one foreign advisory, Of the CVEs 105 are considered important updates while 18 of them are critical.

The most critical patches for CVE-2020-1350 which allows for arbitrary code execution on windows DNS serves the CBS score for this vulnerability is 10, which is the highest score of vulnerability can get. This vulnerability is also wormable which means that it can spread across the network allowing remote code execution on any affected server on the network.

CVE-2020-1025 is a Microsoft Office vulnerability that received a rare critical rating for privilege escalation because an attacker can use this to gain access to an affected server through improper handling of an Auth Token. Other remote code execution vulnerabilities are found in msoutlookonline.net framework, a SharePoint server and visual studio(CVE-2020-1147).

The Outlook vulnerability, in particular, could allow an attacker to exploit the remote code execution vulnerability simple from a user previewing a malicious email in the Outlook preview pane.
The patch management in Acronis cyber protect can detect unpatched systems and automatically install Microsoft updates as well as other outdated software keeping users safe from such threats.

0 Comments

Post a Comment

Post a Comment (0)

Previous Post Next Post