<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>
15 Dec, 2020
Risk To Microsoft Users - 58 Security Vulnerabilities Found

Microsoft is always concerned about the security of its users. The company timely releases the Tuesday patches to keep their system strong and flawless. Likewise, Microsoft releases fixes for 58 new security vulnerabilities for 11 of its products and services.

The products and services include Microsoft Windows, Edge Browser, MS Office, Exchange Server, ChakraCore, Azure DevOps, Azure SDK, Azure Sphere, Visual Studio, and Microsoft Dynamics.

So, what are these vulnerabilities, and how risky are they?

As explained by Microsoft, the severities of the 58 flaws are described as below:

  • 9 critical
  • 46 important
  • 3 moderate

Luckily, none of the vulnerabilities were known publicly or exposed to the black hat hackers as no exploitation was found.

The December fixes concern several Remote Code Execution (RCE):

  • Microsoft Exchange (CVE-2020-17132)
  • SharePoint (CVE-2020-17118 and CVE-2020-17121)
  • Excel (CVE-2020-17123)
  • Hyper-V virtualization software (CVE-2020-17095)
  • Kerberos (CVE-2020-16996)
  • Windows backup engine
  • Windows Cloud Files Mini Filter Driver

Among the above-mentioned issues, Hyper-V virtualization software (CVE-2020-17095) carries the highest risk of 8.5 (CVSS score).

Microsoft stated:

"To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data,"

To minimize the risk, Microsoft recommends updating the UDP packet size to 1221 bytes.

An official statement says, "For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP,"

Besides, Windows users are strongly advised to implement the latest released patches to resolve the issues.

Don't wait, go, and update your system!

Found this helpful?

Stay in touch with ISOEH (Indian School of Ethical Hacking) for cyber security updates. We help individuals and groups with various cyber security courses and training.

We have been serving in the cyber community for 15 years!

Read Other Breaking News

Read All Breaking News »

Exclusive Blog

Read All Exclusive Blog »
A few tips for the perfect homework
A few tips for the perfect homework

With world working from home, it's time to make it enjoyable and effective.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details