Microsoft repairs 58 security flaws in its products

Microsoft repairs 58 security flaws in its products

Issued a company Microsoft fixes for up to 58 newly discovered security flaws covering up to 11 products and services, bringing the total fixes released this year to 1,250.

There are fewer fixes in December compared to the fixes previously announced by Microsoft, which have over 100 fixes each month.

Of these new corrections, 9 were rated as critical, 46 as significant, and 3 as moderately severe.

The December security release addresses issues in Windows, Edge, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

The December fixes related to a number of flaws in RCE remote code execution In Microsoft Exchange, SharePoint, and Excel.

Plus a patch for Kerberos security bypass, There are a number of disadvantages of escalating privileges in a Windows backup drive.

A security flaw named CVE-2020-17095 carries the highest severity of all vulnerabilities patched this month.

These security errors must be corrected quickly, as they can be exploited more easily, without user intervention, either over the Internet or via the local network.

In addition, a security advisory was included for the DNS cache poisoning vulnerability (CVE-2020-25705), which security researchers from Tsinghua University and University of California discovered last month.

This flaw is called a SAD DNS attack, and it could allow the attacker to simulate a DNS packet, which can be stored temporarily by the DNS resolver, enabling re-enabling of the DNS cache poisoning attacks.

Microsoft strongly recommends that Windows users and system administrators apply the latest security patches to resolve the threats associated with these problems.

Another major bug fixed this month as well is a bug in Hyper-V, the virtualization technology from Microsoft used to host virtual machines.

This flaw can be exploited via a malicious SMB packet, and this flaw could allow a remote attacker to breach Default sandbox environments, Which is something Hyper-V is designed to protect.

Leave a Reply