Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
Microsoft Releases Windows Updates to Resolve 115 Vulnerabilities
Message
<blockquote data-quote="Antus67" data-source="post: 864916" data-attributes="member: 83595"><p><strong>Microsoft’s March 2020 Patch Tuesday cycle is a heavy one, as it includes updates for a total of 115 vulnerabilities. A total of 26 security flaws are flagged with a critical severity ratings.</strong></p><p></p><p>Out of the 26 critical vulnerabilities, no less than 17 affect browser and scripting engines, so if you’re using Microsoft’s browsers, the best advice is to patch as soon as possible.</p><p></p><p>There are three Remote Code Execution, or RCE, flaws that are resolved this month.</p><p></p><p>First and foremost, it’s <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852" target="_blank">CVE-2020-0852</a>, a vulnerability in Microsoft Word that would allow an attacker to execute malicious code on behalf of the user. To exploit this flaw, a malicious actor needs to convince the user to open a crafted file using an unpatched version of Microsoft Word. The vulnerable versions are Microsoft Office 2016 for Mac, Microsoft Office 2019, Microsoft Office Online Server, and Microsoft SharePoint Server 2019.</p><p></p><p>No failed installs</p><p>Then, it’s an RCE flaw in Application Inspector tracked as <a href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0872" target="_blank">CVE-2020-0872</a>.</p><p></p><p>“A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external server,” Microsoft explains.</p><p></p><p>The third RCE affects Dynamics Business Central and is detailed in <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905" target="_blank">CVE-2020-0905</a>. Microsoft says an attacker that manages to compromise an unpatched host could then execute arbitrary shell commands on victim’s server.</p><p></p><p>On Windows 10 devices, all these patches are bundled with the latest cumulative updates, available both on Windows Update and on Microsoft’s Update Catalog. Given the big number of patched vulnerabilities, users are recommended to install the new updates as soon as possible.</p><p></p><p>There are no reports of failed installs or botched updates so far.</p><p></p><p>Source: <a href="https://news.softpedia.com/news/microsoft-releases-windows-updates-to-resolve-115-vulnerabilities-529416.shtml" target="_blank">Microsoft Releases Windows Updates to Resolve 115 Vulnerabilities</a></p></blockquote><p></p>
[QUOTE="Antus67, post: 864916, member: 83595"] [B]Microsoft’s March 2020 Patch Tuesday cycle is a heavy one, as it includes updates for a total of 115 vulnerabilities. A total of 26 security flaws are flagged with a critical severity ratings.[/B] Out of the 26 critical vulnerabilities, no less than 17 affect browser and scripting engines, so if you’re using Microsoft’s browsers, the best advice is to patch as soon as possible. There are three Remote Code Execution, or RCE, flaws that are resolved this month. First and foremost, it’s [URL='https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852']CVE-2020-0852[/URL], a vulnerability in Microsoft Word that would allow an attacker to execute malicious code on behalf of the user. To exploit this flaw, a malicious actor needs to convince the user to open a crafted file using an unpatched version of Microsoft Word. The vulnerable versions are Microsoft Office 2016 for Mac, Microsoft Office 2019, Microsoft Office Online Server, and Microsoft SharePoint Server 2019. No failed installs Then, it’s an RCE flaw in Application Inspector tracked as [URL='https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0872']CVE-2020-0872[/URL]. “A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external server,” Microsoft explains. The third RCE affects Dynamics Business Central and is detailed in [URL='https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905']CVE-2020-0905[/URL]. Microsoft says an attacker that manages to compromise an unpatched host could then execute arbitrary shell commands on victim’s server. On Windows 10 devices, all these patches are bundled with the latest cumulative updates, available both on Windows Update and on Microsoft’s Update Catalog. Given the big number of patched vulnerabilities, users are recommended to install the new updates as soon as possible. There are no reports of failed installs or botched updates so far. Source: [URL="https://news.softpedia.com/news/microsoft-releases-windows-updates-to-resolve-115-vulnerabilities-529416.shtml"]Microsoft Releases Windows Updates to Resolve 115 Vulnerabilities[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top