Microsoft Pushes 123 Fixes With This Month’s Patch Tuesday

  • Microsoft has released another round of fixes for Windows components, plugging 17 critical flaws.
  • The vulnerabilities concern remote code execution, elevation of privilege, and memory corruption cases.
  • None of the bugs have been seen in actual attacks in the wild, as they were all discovered in the lab.

Another monthly security update for Microsoft Windows has landed, and this time it squashes a total of 123 bugs. Seventeen of the identified flaws are classified as “critical,” 95 are “important,” and the rest are rated “moderate.” As always, you are advised to apply the available patch as soon as possible, as this is crucial in keeping your system secure. Many of the disclosed vulnerabilities are remote code execution (RCE) flaws, some have to do with memory corruption, and others are based on local privilege escalation scenarios, so the full spectrum is covered.

Here are the most crucial flaws, as highlighted by the Sophos Labs and the Cisco Talos teams:

CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1102: These are all RCE flaws affecting the Microsoft SharePoint web-based collaboration platform. By uploading a specially crafted packet onto the SharePoint server, or by convincing the target to open a malicious file, an attacker could execute code on the victim’s machine or server.

CVE-2020-1062: This is a memory corruption vulnerability affecting the Internet Explorer browser. To trigger it, an attacker would need to lure the victim into visiting a specially crafted web page. This would eventually lead to an RCE scenario.

CVE-2020-1054, CVE-2020-1143, CVE-2020-0915, CVE-2020-0916, CVE-2020-0963, CVE-2020-1141, CVE-2020-1142, CVE-2020-1145, CVE-2020-1135, CVE-2020-1153: These ten flaws affect the Windows Graphic Components and lead to local elevation of privilege conditions. There are some prerequisites for them to work, like having access to the Windows graphic session and being able to execute code. Still, a knowledgeable attacker could potentially elevate privileges to SYSTEM.

CVE-2020-1037, CVE-2020-1056, CVE-2020-1059, CVE-2020-1096, CVE-2020-1062, CVE-2020-1092, CVE-2020-1093: These flaws concern the Edge web browser that Microsoft has been aggressively pushing for adoption, and more specifically its ChakraCore JavaScript engine. Some of the identified vulnerabilities are also found in the VB Scripting engine of Internet Explorer 11.

CVE-2020-1084, CVE-2020-1123, CVE-2020-1137, CVE-2020-1081: These four are bugs in Windows services like printing, push notifications, the Background Intelligent Transfer Service (BITS), and the Connected User Experiences and Telemetry service. They are not easy to trigger, as they would require higher privileges to abuse symbolic links and junctions.

CVE-2020-1103: This is an information disclosure flaw affecting SharePoint. An attacker could exploit it to launch a successful cross-site search attack, potentially obtaining information by running search queries as the logged-in user.

Microsoft hasn’t provided technical details on most of the above, for reasons of security and precaution. In addition, they have specified that all of the fixed bugs were discovered in the lab and that none of them were detected in the wild. Thus, the chances of cyber-criminals knowing how to exploit the 123 fixed bugs are slim, but no one can rule this out with certainty.
