Security News

The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. One of the bugs that was of particular interest to researchers was CVE-2020-1299, a remote code execution issue that arises when trying to load Windows shortcut files.

Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates - the highest number of CVEs ever released by Microsoft in a single month. Microsoft's June Patch Tuesday volume beats out the update from May, where it released fixes for 111 security flaws, including 16 critical bugs and 96 that are rated important.

Microsoft has fixed a record 129 CVE-numbered vulnerabilities in a wide variety of its offerings: Windows, the Internet Explorer and Edge browsers, Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Azure DevOps, and more. "To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver," Microsoft explained.

5G adoption, security and worldwide market trendsWith 5G adoption ramping up all over the world, we sat down with Chris Pearson, President of 5G Americas, to learn more about the current 5G landscape. Zoom to offer end-to-end encryption only to paying customersAs Zoom continues on its path to bring end-to-end encryption to users, the big news is that only paid users will have access to the option.

May 2020 Patch Tuesday was pretty light on updates as predicted, so I'm expecting we'll see a more standard release of updates from Microsoft this month. These updates will be included in the regular patch Tuesday releases.

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. May marks the third month in a row that Microsoft has pushed out fixes for more than 110 security flaws in its operating system and related software.

An attacker who successfully exploited either vulnerability could run arbitrary code in kernel mode; thus, an attacker could then install programs; view, change or delete data; or create new accounts with full user rights. In all cases an attack requires user interaction, such as tricking users into clicking a link that takes them to the attacker's site.

For the May 2020 Patch Tuesday, Microsoft has fixed 111 CVE-numbered flaws and Adobe 36, but none are under active attack. The vulnerability is found in most Windows 10 and Windows Server builds and Microsoft deems it "More likely to be exploited."

SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP!Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns. The US Department of Homeland Security and the UK National Cyber Security Centre issued a joint advisory in early April, warning about this increasing activity.

The forecast for May is looking light on updates, which will be a relief to many IT professionals busy dealing with increasing threats and the challenges of remote system management. Oracle released their Critical Patch Updates last month which happened to coincide with April Patch Tuesday.