Security News > 2020 > January > Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows code-signing bugs, RDP flaws...

Amid Uncle Sam's dire warnings, Microsoft said there is no evidence of the flaw being targeted in the wild and its severity level is listed as "Important," a step below the critical remote code execution bugs in RDP,.NET and Internet Explorer.

The American spying agency wants everyone to know - to the point of even holding a press conference about CVE-2020-0601 - that it privately found and reported this diabolical cert flaw to Microsoft, and that it is a totally friendly mass-surveillance system that has turned a new leaf, wants to be on the good side of infosec researchers, and cares about your ongoing ability to verify the origin and integrity of executable files and network connections.

Those include flaws in Excel and one for Office in general.

Intel also addressed an information disclosure flaw in Processor Graphics, which we note affects Windows, Linux, and perhaps other operating systems; a denial of service bug in Chipset Device Software INF Utility; and an elevation of privilege bug in RAID Web Console 3 for Windows.

That fix cleans up CVE-2020-3941, a race condition flaw that would potentially allow users to escalate their privileges within a Windows VM. While not as serious as a full hypervisor escape bug, the flaw is worth patching.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/14/patch_tuesday_january_2020/