Microsoft fixed 112 vulnerabilities in its products |
Microsoft released a patch in November to fix 112 newly discovered vulnerabilities in the software giant's products.
Of the 112 security vulnerabilities that have been fixed, 17 are rated as severe, 93 as important and 2 as moderate.
The patch includes a fix for the privilege escalation flaw in the Windows kernel cipher driver CVE-2020-17087 that was discovered by Google's Project Zero team last week.
Microsoft has identified CVE-2020-17087 as an important vulnerability due to its severity. Attackers attempting to exploit this vulnerability should investigate the different types of Windows Server, Windows 10, Windows 7, Windows 8.1 or Windows RT affected by the vulnerability. Installed for physical access.
The security update includes a number of programs including: Microsoft Windows, Office, Office Services, Web Apps, Internet Explorer, Edge, Exchange Server, Microsoft Dynamics, Windows Codec Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.
This update addresses several RCE remote code execution vulnerabilities that affect Exchange Server, the Network File System, and Microsoft Teams, as well as security override errors in Windows Hyper-V virtualization software.
Microsoft indicated that CVE-2020-17051 obtained 9.8 (ten out of ten), making it a serious vulnerability. The complexity of the attack - a situation which must be out of the attacker's control to exploit this vulnerability - makes the attacker vulnerable.
Other major bugs fixed by Microsoft this month include memory corruption vulnerabilities in Microsoft Scripting Engine and Internet Explorer, and various errors in implementing remote RCE code in the HEVC video extension codec library.
As with major vulnerabilities, the warnings associated with these vulnerabilities are underestimated, and information is provided about how the vulnerabilities occurred while the remote RCE code or Windows Hyper-V security features were run. Exceeded.
Microsoft strongly recommends that Windows users and system administrators apply the latest security patches to help address the threats associated with these issues.