Microsoft releases patches for 58 vulnerabilities – E Hacking News
On Tuesday, Microsoft released fixes for 58 vulnerabilities for more than ten products for Windows and other software in their last Patch Tuesday for this year.
These include vulnerabilities ranging from critical (nine of them), important (forty-six of the flaws were rated important), and moderate (rest three). None of these vulnerabilities or bugs were publicly known or exploited by hackers yet. Both users and administrators should update their systems with these patches as soon as possible.
Some of these patches include:
22 remote code execution holes have been sealed, according to SANS Technology. These fixed execution holes covered two critical vulnerabilities CVE-2020-17118 and CVE-2020-17121 in Microsoft SharePoint, an acute point for exploitation.
The second vulnerability, Microsoft said could be used for a network-based attack by infiltrating the network by making a site and installing executive codes.
“In a network-based attack, an attacker can gain access to create a site and could execute code remotely within the kernel. The user would need to have privileges”, said Microsoft.
Microsoft released the patch for yet another critical remote code execution (RCE) vulnerability CVE-2020-17095 , scoring an 8.5 out of 10 on CVSS scale (Common Vulnerability Scoring System). This vulnerability present in Microsoft’s Hyper V system (which is used to create Virtual Machine environments ) could be used to hack the Virtual machines by RCE.
“An attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data,” commented Microsoft on the Hyper V vulnerability.
Other fixes and updates were released for products including Windows, multiple versions of the Edge browser, Microsoft Office, Visual Studio, as well as other products and services in Microsoft’s portfolio. This month’s updates were still on the lower end as compares to last month’s where the tech giant rolled out a bundle of 112 fixes.