Serviceteam IT Security News

The second Tuesday of the month brings another fresh batch of fixes for security vulnerabilities in various Microsoft products.

It’s that time of the month again when Microsoft rolls out patches for security vulnerabilities in Windows and other software. This time round, the patch bundle brings fixes for no fewer than 112 security vulnerabilities, including a Windows zero-day bug that was disclosed last month and is being actively exploited in the wild.

The flaw, tracked as CVE-2020-17087 and ranked as “important” on the CVSS scale, resides in the Windows Kernel Cryptography Driver. It is an elevation of privilege vulnerability that could allow an attacker to perform a sandbox escape. The vulnerability is being exploited in tandem with another zero-day flaw, which is indexed as CVE-2020-15999 and affects FreeType, a software development library that is also a part of Google’s Chrome browser. Both security flaws were uncovered by Google’s Project Zero, and chaining them together could allow an attacker to compromise and gain administrator-level access to a system.

Beyond the zero-day, the latest round of updates also includes fixes for 17 security flaws that received the highest, “critical” rating. The vast majority of the rest were ranked as “important” and two were classified as “low” in severity.

Among those ranked as critical, one earned an ‘almost perfect score’ of 9.8 out of 10 on the CVSS scale. The vulnerability tracked as CVE-2020-17051 can be found in the Windows Network File System and is categorized as a remote code execution (RCE) flaw whose exploitation is “more likely”. There is another RCE vulnerability where exploitation is seen as “more likely” by the Redmond tech giant – the flaw affecting Microsoft SharePoint and indexed as CVE-2020-17061.

Security updates were released for a wide range of products, including Windows, Microsoft Office, both Internet Explorer and Edge browsers, as well as other products and services in Microsoft’s portfolio.

Both regular users and system administrators would be well advised to apply the patches as soon as practicable.
