Saturday, December 2, 2023

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Microsoft released a security update under patch Tuesday with the fixes of 129 vulnerabilities, and this patch is the largest patch ever released by Microsoft.

Several Microsoft software products were patched in the June security release of following:-

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Microsoft Dynamics
  • Visual Studio
  • Azure DevOps
  • HoloLens
  • Adobe Flash Player
  • Microsoft Apps for Android
  • Windows App Store
  • System Center
  • Android App

Out of 129 vulnerabilities, 11 vulnerabilities categorized as “Critical” 109 vulnerabilities marked as “Important”, 7 as “moderate” and 2 vulnerabilities fixed as “Low” Severity.

Critical Vulnerabilities are affected by several Microsoft products including, Browsers, Office SharePoint, Scripting Engine, Windows OLE, Print Spooler Components, and windows Shell and there is no zero-day bugs patched in this update.

Critical Vulnerabilities

A critical bug(APSB20-30) in Adobe Flash Player for Windows has patched in this update, and the successful exploitation of this vulnerability could lead an attacker to execute arbitrary code.

Another critical Memory corruption vulnerability(CVE-2020-1219 ) affected browsers let an attacker execute arbitrary code in the context of the current user. if the current users logged-in as administrator rights, an attacker can view, delete, even create a new account by hosting a malicious website and drop an exploit by tricks users to access it.

Microsoft office critical SharePoint server Remote code execution vulnerability (CVE-2020-1181) allows an authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to act on the content of a specific process in the SharePoint application.

Microsoft Scripting Engine affects with 1 script engine memory corruption vulnerability(CVE-2020-1073), and 2 VBscript remote code execution vulnerabilities (CVE-2020-1216), (CVE-2020-1213) allows attackers to execute arbitrary code in the context of current users.

Another critical remote code execution vulnerability (CVE-2020-1248) Windows Graphics Device Interface (GDI) that handles objects in the memory and the successful exploitation of this vulnerability allows attackers to control the affected system.

In the rest of the 4 vulnerabilities, 1 of them (CVE-2020-1281) affected the Windows OLE, Windows Print Spooler Components (CVE-2020-1300) and the other 2 affected Windows Shell (CVE-2020-1299, CVE-2020-1286). All vulnerabilities allow attackers to execute a remote of on the vulnerable system.

Not only Microsoft But there are several vendors of the following that have released a security update.

Intel released a security update for 22 vulnerabilities in June 2020 Platform Update
Mozilla released Firefox 77.0.1 was released.
Android released their June 2020 security updates.
Adobe released security updates today for Flash Player, Experience Manager, and Framemaker.

No Zero-day

Unlike previous Patch Tuesday updates, there is no zero-day vulnerability fixed, and no active exploit has seen in the wide in this October Tuesday update.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the June 2020 Patch here.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers

In a disconcerting turn of events, cyber threat actors have set their sights on...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles