Security News > 2020 > March > Stuck at home? Need something to keep busy with? Microsoft has 115 ideas – including an awful SMBv3 security hole to worry about
The Patch Tuesday release includes 115-CVE listed flaws, including 26 classified as critical security risks.
As Dustin Childs of the Zero Day Initiative notes, such high-risk flaws are rare for Office apps like Word that are typically shielded from remote code risks because they do not automatically load documents.
Remote code flaws in the scripting engine, VBscript, Media Foundation, and Edge/IE themselves added up to 19 critical flaws.
Microsoft Defender had two elevation of privilege vulnerabilities while SharePoint was patched for four cross-site scripting flaws.
Enterprise giant SAP has dropped a number of fixes for high-severity issues, with four bulletins for flaws with CVSS ratings of 9 or higher.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/11/patch_tuesday_march_smbv3/
Related news
- Microsoft disables BitLocker security fix, advises manual mitigation (source)
- Microsoft security tools questioned for treating employees as threats (source)
- Microsoft hosts a security summit but no press, public allowed (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Microsoft overhauls security for publishing Edge extensions (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)