This week Microsoft released a new security patch that
accumulates the current month's patches; this is known
as Patch Tuesday. In this security patch the company has
fixed 112 security bugs in a wide variety of products, from
Microsoft Edge to Windows WalletService.
Among the security flaws fixed in this patch
is a Windows zero-day vulnerability that is being exploited
in the wild. The vulnerability, identified as CVE-2020-17087, was disclosed
by the Google Project Zero and TAG security teams on 30 October. This
zero-day vulnerability is being exploited together with another zero-day vulnerability in Chrome
and primarily targets Windows 7 and Windows 10 users.
Attackers would use the Chrome zero-day to
execute malicious code inside Chrome and, once the code was injected,
would use the Windows zero-day to escape the Chrome sandbox (a
security testing area of the browser) and to elevate the privileges of the
code to attack the operating system. This short description is
the only information Microsoft has offered about the attack.
Google discovered this zero-day in mid-October
and informed Microsoft, telling the company it had seven days to
release a patch correcting the bug or Google would publish a notice
reporting the existence of this vulnerability. Because of the time it takes to test and
adjust a security measure on a Windows operating system, the patch was
not ready within the period that Google had given Microsoft
before disclosing the information. The patch is available as of this latest
update.
As reported by Microsoft, this zero-day resides in the
Windows kernel and impacts all its versions. This means that
versions prior to Windows 7 and all versions of Windows Server
are also affected by this vulnerability.
In addition to this Windows zero-day, there are 111 other vulnerabilities
that need to be patched. Among these vulnerabilities are 24 bugs
that can allow remote code execution (RCE) in applications
such as Microsoft Teams, Windows Network, File system, Excel, Microsoft
Exchange Server, and even the Windows print spooler service.
