February 9, 2021
Microsoft today rolled out updates to plug at least 56 security holes in its
Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.
Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users.
The flaw being exploited in the wild already CVE-2021-1732 affects Windows 10, Server 2016 and later editions. It received a slightly less dire “important” rating and mainly because it is a vulnerability that lets an attacker increase their authority and control on a device, which means the attacker needs to already have access to the target system.
Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited by malware or miscreants to seize remote…
Secure Code Training Software Market SWOT Analysis by Leading Key Players newyorktelegraph.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from newyorktelegraph.com Daily Mail and Mail on Sunday newspapers.
READ MORE
The CVE-2020-17118 bug was discovered by Jonathan Birch, a Senior Security Software Engineer on the Microsoft Office Security Team.
The critical flaw affects the following versions of SharePoint: Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Foundation 2010 Service Pack 2.
Speaking to Threatpost, Kevin Breen - the director of cyberthreat research at Immersive Labs - said the SharePoint CVEs are a priority to fix.
Breen said: Both are rated as critical as they have RCE, and Sharepoint can be used like a watering hole inside large organisations by an attacker. All it takes is for a few weaponised documents to be placed for malicious code to spread across an organisation.