Security News
The lion's share of the bugs are rated important, but there are 11 CVEs rated critical. These are all bugs affecting Windows 10, and many also affected the latest 2004 build.
Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. June marks the fourth month in a row that Microsoft has issued fixes to address more than 100 security flaws in its products.
The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. One of the bugs that was of particular interest to researchers was CVE-2020-1299, a remote code execution issue that arises when trying to load Windows shortcut files.
Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates - the highest number of CVEs ever released by Microsoft in a single month. Microsoft's June Patch Tuesday volume beats out the update from May, where it released fixes for 111 security flaws, including 16 critical bugs and 96 that are rated important.
Microsoft has fixed a record 129 CVE-numbered vulnerabilities in a wide variety of its offerings: Windows, the Internet Explorer and Edge browsers, Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Azure DevOps, and more. "To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver," Microsoft explained.
5G adoption, security and worldwide market trendsWith 5G adoption ramping up all over the world, we sat down with Chris Pearson, President of 5G Americas, to learn more about the current 5G landscape. Zoom to offer end-to-end encryption only to paying customersAs Zoom continues on its path to bring end-to-end encryption to users, the big news is that only paid users will have access to the option.
May 2020 Patch Tuesday was pretty light on updates as predicted, so I'm expecting we'll see a more standard release of updates from Microsoft this month. These updates will be included in the regular patch Tuesday releases.
Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. Jailbreak tools take advantage of vulnerabilities in iOS to allow users root access and full control of their device, in order to load programs and code from outside of the Apple walled garden.
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."