Security News > 2020 > July > Microsoft Tackles 123 Fixes for July Patch Tuesday
A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft's July Patch Tuesday list of 123 fixes.
"A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to a vulnerable Windows DNS server. Successful exploitation would allow the attacker to execute arbitrary code under the local system account context," wrote Satnam Narang, staff research engineer at Tenable, in the company's Patch Tuesday analysis.
In all, Microsoft patched 123 bugs, 18 listed as critical and 105 listed as important in severity.
Researchers at ZDI singled out a "Rare" critical elevation-of-privilege vulnerability in Microsoft Office: "It's rare to see an elevation-of-privilege bug rated critical in severity, but this vulnerability in SharePoint and Skype for Business servers certainly earns its rating." The flaw allows attackers to gain access to impacted servers through the improper handling of an OAuth token.
Adobe patches included fixes for four critical vulnerabilities, as outlined by Threatpost.
News URL
https://threatpost.com/microsoft-tackles-123-fixes-july-patch-tuesday/157440/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)