Security News
The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. One of the bugs that was of particular interest to researchers was CVE-2020-1299, a remote code execution issue that arises when trying to load Windows shortcut files.
Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates - the highest number of CVEs ever released by Microsoft in a single month. Microsoft's June Patch Tuesday volume beats out the update from May, where it released fixes for 111 security flaws, including 16 critical bugs and 96 that are rated important.
Microsoft has fixed a record 129 CVE-numbered vulnerabilities in a wide variety of its offerings: Windows, the Internet Explorer and Edge browsers, Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Azure DevOps, and more. "To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver," Microsoft explained.
5G adoption, security and worldwide market trendsWith 5G adoption ramping up all over the world, we sat down with Chris Pearson, President of 5G Americas, to learn more about the current 5G landscape. Zoom to offer end-to-end encryption only to paying customersAs Zoom continues on its path to bring end-to-end encryption to users, the big news is that only paid users will have access to the option.
May 2020 Patch Tuesday was pretty light on updates as predicted, so I'm expecting we'll see a more standard release of updates from Microsoft this month. These updates will be included in the regular patch Tuesday releases.
Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. Jailbreak tools take advantage of vulnerabilities in iOS to allow users root access and full control of their device, in order to load programs and code from outside of the Apple walled garden.
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."
An update released last week by VMware for the macOS version of Fusion attempts to fix a serious privilege escalation vulnerability introduced by a previous patch. VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console and Horizon Client for Mac.
Over the first quarter of 2020, the number of security bugs disclosed by software makers fell 20 per cent though not for any of the right reasons, it seems. Analysts at Risk Based Security cited both internal data and public reports from vendors in putting the number of security vulnerabilities reported over the first three months of the year at 4,968, down from 6,198 over the same period in 2019.