Microsoft has released new security updates

 Microsoft has released a new series of updates for September that address different versions of the Windows operating system and related software.


Updates for detected vulnerabilities are available for bugs affecting Microsoft Windows, the Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics. A total of 129 vulnerabilities have been fixed, of which 23 are classified as critical and 105 are significant and one is of moderate severity.


Of these, CVE-2020-16875 is a remote code execution (RCE) error in the Microsoft Exchange server caused by incorrect validation of "cmdlet" arguments. Successfully exploited, this could allow malicious people to run arbitrary code in the context of the system user, this being done by compromising a user logged in with certain privileges in Microsoft Exchange, thus allowing the attacker to view, modify, delete data or to create new accounts.


Two critical remote code execution vulnerabilities in the Windows Codecs Library have also been fixed ( CVE-2020-1129 and CVE-2020-1319 ) . Both relate to the handling of objects in memory, and successfully exploited CVE-2020-1129 could allow obtaining information that may compromise the user's system, and CVE-2020-1319 can be used to take control of the affected system.


Other vulnerabilities in RCE are CVE-2020-16857 and CVE-2020-16862 which affect the local deployment of Microsoft Dynamics 365, CVE-2020-1200 , CVE-2020-1210 , CVE-2020-1452 , CVE-2020-1453 , CVE- 2020-1576 and CVE-2020-1595 are for Microsoft SharePoint and cover cases where the software does not check the source markup of a loaded application package.


Also, RCE vulnerabilities related to improper handling and management of in-memory objects represent CVE-2020-1593 and CVE-2020-1508 affecting Windows Media Audio Decoder, CVE-2020-0922 targeting Microsoft COM for Windows, CVE- 2020-0908 addressed in the Windows Text Service Module, CVE-2020-0097 affects the Windows Camera Codec Pack and CVE-2020-16874 in Visual Studio.

Technicians are well-versed with the brass tacks of the services/products, which they provide support for. If IT Technicians are unable to resolve a problem, it is escalated to the senior team.

Vulnerabilities marked as important include Active Directory, Active Directory Federation Services (ADFS), Internet Explorer Browser Helper, JET Database Engine, ASP.NET Core, Excel, Graphics Component, Office SharePoint, SharePoint Server, OneDrive for Windows, Word, Scripting Engine, Win32k, Windows Defender Application Control, Windows DNS and more. Most of these, being successfully exploited, can allow the disclosure of information, increase of unauthorized privileges, execution of scripts, NCE, circumvention of security modules and denial of service attacks.

Comments

Post a Comment

Popular posts from this blog

Targeted by DDoS attacks

Distributed Denial of Service (DDoS) attacks are a common method used by hackers to try to take down a website. By inundating the site with traffic from multiple sources, the goal is to overwhelm the web server until it crashes or is forced to shut down. DDoS attacks can hit any organization large or small. But certain industries and types of businesses are more heavily targeted, according to a report from Imperva. Most DDoS attacks in 2019 were directed toward companies in the gaming and gambling sectors, the report found. how to mitigate ddos attack ? Released on Wednesday, Imperva's annual Global DDoS Threat Landscape Report looks at the greater scale, effective strategies, and higher frequency of DDoS attacks. In 2019, most of the DDoS attacks observed by Imperva were smaller than in the past. Around 25% lasted less than 10 minutes and 15% less than 30 minutes. Only around 5% lasted more than 24 hours. The small duration could be explained by the need to do as much dam
Read more

Test of English as a Foreign Language (TOEFL)

 This is one of the most famous proficiency tests in Brazil and the world. It was developed in 1964 by ETS, an American non-profit institution, focused on educational testing. Since its creation, it has been applied more than 20 million times. It is accepted in institutions in the United States, United Kingdom and Australia, in addition to more than 110 countries for the issuance of the visa. Read more:  Amazon Saheli Quiz Answers The tests are carried out between two to three times a month, in accredited institutions. The tests assess text comprehension (from 60 to 100 minutes), listening comprehension (between 60 and 90 minutes), oral exam (20 minutes) and written exam (50 minutes). Each stage is worth 30 points, with 120 being the highest possible score. It is important to note that the minimum grade required varies according to the institution. The evaluation costs approximately 700 reais. Read more:  http://techhub.bloger.id/competitive-differential-equal-to-everyone-else-s.xhtml
Read more

What Is a DDoS Attack?

A distributed denial of service (DDoS) attack is kind of like a traffic jam on a website What is a DDoS attack and what does it mean for your website? Instead of jumping deep into technical details, let’s start with a real-world analogy that makes it really easy to visualize what a DDoS attack is… DDoS attack mean Imagine, for a moment, that it’s a Sunday afternoon and you’re driving down the highway with your family, headed to your favorite picnic spot. You’re cruising down the highway at 70 miles an hour – it won’t be long before you’re at the park enjoying a lovely autumn day! You check your GPS traffic report, only to see that the jam extends for miles and there’s no way around it. There’s no way you’ll make it to the park in time for your picnic. That’s basically what a distributed denial of service (DDoS) attack is – lots of users (in this case, cars) that are jamming up a system (the highway) to deny you from accessing a service (the park). Usually when we talk about
Read more