Security News > 2020 > June > June 2020 Patch Tuesday: Microsoft fixes record monthly number of CVEs

Microsoft has fixed a record 129 CVE-numbered vulnerabilities in a wide variety of its offerings: Windows, the Internet Explorer and Edge browsers, Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Azure DevOps, and more.

"To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver," Microsoft explained.

"In the recent 2020 Verizon DBIR, researchers found that over 22% of incidents were due to human error, and 30% of breaches were due to phishing attacks, going to show that despite increased efforts by organizations to address training, users still click on links, open files, and visit websites that could potentially be compromised. Each of these vulnerabilities relies on these user patterns, and if left unaddressed and vulnerable, could be a backdoor for an attacker to execute malicious code, install a backdoor, modify user credentials, or navigate laterally through the corporate network. And seeing as each of these addresses vulnerabilities impact Windows Server from 2008 to 2019, a successful exploit could be devastating to an organization."

Microsoft has fixed several bugs affecting Office, including a critical Microsoft Outlook security feature bypass vulnerability.

The Flash update should be a priority as it fixes a critical flaw that could be exploited to achieve arbitrary code execution on the target system and the vulnerability is in a piece of software that is still widely used and has historically been a preferred target of attackers.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/uXQ8LFgUaJc/