Security News

The United States Cyber Command warns that users should apply the latest patches for Microsoft software to ensure they won't fall victim to exploitation attempts. The most important of these issues, US Cyber Command points out, is CVE-2020-16898, a critical bug in the Windows TCP/IP stack that can be triggered remotely to potentially achieve remote code execution on the victim machine.

Microsoft is performing a test where they are installing a suite of Office progressive web apps in Windows 10 without asking permission from the user. Over the past week, Microsoft has been conducting a test where they have been forcibly installing Word, Excel, PowerPoint, and Outlooks PWAs into Microsoft Edge and registering them with Windows 10.

One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows' TCP/IP driver that could lead to the remote execution of code. An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.

Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files. The flaw allows an attacker to combine a legitimately signed Microsoft Windows Installer package with the attacker's JAR file into an encapsulating JAR file.

US Cyber Command warns Microsoft customers to immediately patch their systems against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month's Patch Tuesday. "Update your Microsoft software now so your system isn't exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely," US Cyber Command said in a tweet earlier today,.

Microsoft has fixed nearly 90 vulnerabilities with its October 2020 Patch Tuesday updates and while none of them has been exploited in attacks, several of the flaws were publicly disclosed before the patches were released. The publicly disclosed vulnerabilities have been classified as important severity and their exploitation can lead to information disclosure or privilege escalation.

Loosely speaking, if someone can ping your unpatched Windows 10 or Windows Server 2019 computer from theirs, they can probably crash you with this bug. In other words, Windows stack overflows in networking software almost always used to lead to so-called remote code execution exploits, where attackers could trigger the bug from afar with specially crafted network traffic, run code of their own choosing, and thereby inject malware without you even being aware.

Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products. According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets.

Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps for Enterprise. CVE-2020-16898 - A Windows TCP/IP vulnerability that could be remotely exploited by sending a specially crafted ICMPv6 router advertisement to an affected Windows server or client and could allow code execution.

Windows and Mac users running Foxit's popular PhantomPDF reader should update their installations to the latest version after the US CISA cybersecurity agency warned of a handful of high-severity product vulnerabilities. Foxit has published updates for its software in both Windows and Apple Mac formats.