6

Microsoft fixes 87 security vulnerabilities in its latest Patch Tuesday release...

 1 year ago
source link: https://www.techspot.com/news/99724-microsoft-fixes-87-security-vulnerabilities-latest-patch-tuesday.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Microsoft fixes 87 security vulnerabilities in its latest Patch Tuesday release

A couple of nasty, currently exploited zero-day flaws should be fixed as well

By Alfonso Maruccia Today 1:10 PM
Microsoft fixes 87 security vulnerabilities in its latest Patch Tuesday release
TechSpot is celebrating its 25th anniversary. TechSpot means tech analysis and advice you can trust.

Why it matters: On the second Tuesday of every month for the past two decades, Redmond has consistently issued new security updates for Windows and all of its software products. This practice is informally referred to as "Patch Tuesday," and it typically adds to the workload of sysadmins and code analysis specialists.

Microsoft recently released security fixes for 87 bugs. This month's Patch Tuesday also includes remedies for two vulnerabilities that were actively being exploited by cybercriminals. Redmond's official bulletin comprises security notices for Teams, Exchange Server, .NET Core, Visual Studio, Azure, Hyper-V, and various Windows components.

Six vulnerabilities were classified as "critical," while 23 flaws could be exploited to execute potentially malicious code from remote locations. Overall, the flaws fixed by the latest Patch Tuesday are classified as follows: 18 elevation of privilege vulnerabilities, three security feature bypass vulnerabilities, 23 remote code execution vulnerabilities, 10 information disclosure vulnerabilities, eight denial of service vulnerabilities, and 12 spoofing vulnerabilities.

The updates don't include 20 security fixes for the Chromium-based Edge browser, which Microsoft released earlier this month. A comprehensive report about all the fixed vulnerabilities and related advisories has been published by Bleeping Computer.

2023-08-09-image-18.jpg

Patch Tuesday includes an advisory (ADV230003) about a Microsoft Office Defense in Depth Update, designed to provide enhanced security for Redmond's productivity suite. The update thwarts an attack chain that could lead to CVE-2023-36884, a previously mitigated remote code execution vulnerability in the Windows Search feature. This flaw could bypass the Mark of the Web (MoTW) security feature, urging users to download and open malicious files without displaying a security warning.

The zero-day flaw had already been exploited in a ransomware operation by the RomCom hacking group. However, it should now be fixed (and unexploitable) for good. The second zero-day addressed this month is a .NET and Visual Studio Denial of Service Vulnerability (CVE-2023-38180), capable of causing a denial of service against .NET applications and the Visual Studio IDE. Microsoft didn't provide any additional details about this flaw.

Microsoft rolled out its latest patch series via Windows Update, update management systems such as WSUS, and as direct downloads available on the Microsoft Update Catalog. Other companies providing security fixes in sync with the August 2023 Patch Tuesday include Adobe, AMD, Cisco, Google, SAP, and VMware.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK