Microsoft is always concerned about the security of its users. The company timely releases the Tuesday patches to keep their system strong and flawless. Likewise, Microsoft releases fixes for 58 new security vulnerabilities for 11 of its products and services.
The products and services include Microsoft Windows, Edge Browser, MS Office, Exchange Server, ChakraCore, Azure DevOps, Azure SDK, Azure Sphere, Visual Studio, and Microsoft Dynamics.
As explained by Microsoft, the severities of the 58 flaws are described as below:
Luckily, none of the vulnerabilities were known publicly or exposed to the black hat hackers as no exploitation was found.
Among the above-mentioned issues, Hyper-V virtualization software (CVE-2020-17095) carries the highest risk of 8.5 (CVSS score).
"To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data,"
To minimize the risk, Microsoft recommends updating the UDP packet size to 1221 bytes.
An official statement says, "For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP,"
Besides, Windows users are strongly advised to implement the latest released patches to resolve the issues.
Don't wait, go, and update your system!
Stay in touch with ISOEH (Indian School of Ethical Hacking) for cyber security updates. We help individuals and groups with various cyber security courses and training.
We have been serving in the cyber community for 15 years!